Check the processed file on validity. If a line is not empty
and not a comment, it must contain at least one colon. Otherwise exit
with error code 7.
Submitted by: Thom May <thom@planetarytramp.net> (on 2002-07-02)
Kris Verbeeck <Kris.Verbeeck@ubizen.com> (on 2002-10-22)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99771
13f79535-47bb-0310-9956-
ffa450edef68
[Remove entries to the current 2.0 section below, when backported]
+ *) htpasswd: Check the processed file on validity. If a line is not empty
+ and not a comment, it must contain at least one colon. Otherwise exit
+ with error code 7. [Kris Verbeeck <Kris.Verbeeck@ubizen.com>, Thom May]
+
*) Use appropriate language code for Czech (cs) in default config
files. PR 9427. [André Malo]
APACHE 2.1 STATUS: -*-text-*-
-Last modified at [$Date: 2003/03/07 20:24:07 $]
+Last modified at [$Date: 2003/05/13 03:40:28 $]
Release [NOTE that only Alpha/Beta releases occur in 2.1 development]:
the same time. This mode lets us do that, so the MPM can be
fixed.
- * htpasswd blindly processes the file you give it, and does no
- sanity checking before totally corrupting whatever file it was
- you thought you had. It should check the input file and bail
- if it finds non-comment lines that do not contain exactly 1
- ':' character.
- Message-ID: <20020217150457.A31632@clove.org>
-
* Can a static httpd be built reliably?
Message-ID: <20020207142751.T31582@clove.org>
* 5: Failure; buffer would overflow (username, filename, or computed
* record too long)
* 6: Failure; username contains illegal or reserved characters
+ * 7: Failure; file is not a valid htpasswd file
*/
#include "apr.h"
#define ERR_INTERRUPTED 4
#define ERR_OVERFLOW 5
#define ERR_BADUSER 6
+#define ERR_INVALID 7
#define APHTP_NEWFILE 1
#define APHTP_NOFILE 2
if (colon != NULL) {
*colon = '\0';
}
+ else {
+ /*
+ * If we've not got a colon on the line, this could well
+ * not be a valid htpasswd file.
+ * We should bail at this point.
+ */
+ apr_file_printf(errfile, "\n%s: The file %s does not appear "
+ "to be a valid htpasswd file.\n",
+ argv[0], pwfilename);
+ apr_file_close(fpw);
+ exit(ERR_INVALID);
+ }
if (strcmp(user, scratch) != 0) {
putline(ftemp, line);
continue;