From: William A. Rowe Jr Date: Tue, 21 Aug 2012 17:51:32 +0000 (+0000) Subject: * htdbm/htpasswd: fix handling of crypt() failures. X-Git-Tag: 2.2.23~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d5960fecb1e82709e542df134947ddb4367c7d0;p=thirdparty%2Fapache%2Fhttpd.git * htdbm/htpasswd: fix handling of crypt() failures. Backports: r1346905 Submitted by: Paul Wouters , jorton Reviewed by: rjung, trawick, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1375698 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index a970684a746..d4117267507 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,9 @@ Changes with Apache 2.2.23 possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. [Niels Heinen ] + *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled). + [Paul Wouters , Joe Orton] + *) mod_ldap: Treat the "server unavailable" condition as a transient error with all LDAP SDKs. [Filip Valder ] diff --git a/STATUS b/STATUS index 6df3bef33fa..3cb2ddfa603 100644 --- a/STATUS +++ b/STATUS @@ -93,11 +93,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * htdbm/htpasswd: fix handling of crypt() failures. - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1346905 - 2.4.x patch: http://svn.apache.org/viewvc?view=revision&revision=1356887 - 2.2.x patch: http://people.apache.org/~rjung/patches/htdbm-htpasswd-handling_crypt_failure-2_2.patch - +1: rjung, trawick, wrowe PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/support/htdbm.c b/support/htdbm.c index 5e4b8fb006d..dd89d01b6c3 100644 --- a/support/htdbm.c +++ b/support/htdbm.c @@ -288,6 +288,9 @@ static apr_status_t htdbm_make(htdbm_t *htdbm) { char cpw[MAX_STRING_LEN]; char salt[9]; +#if (!(defined(WIN32) || defined(NETWARE))) + char *cbuf; +#endif switch (htdbm->alg) { case ALG_APSHA: @@ -315,7 +318,15 @@ static apr_status_t htdbm_make(htdbm_t *htdbm) (void) srand((int) time((time_t *) NULL)); to64(&salt[0], rand(), 8); salt[8] = '\0'; - apr_cpystrn(cpw, (char *)crypt(htdbm->userpass, salt), sizeof(cpw) - 1); + cbuf = crypt(htdbm->userpass, salt); + if (cbuf == NULL) { + char errbuf[128]; + + fprintf(stderr, "crypt() failed: %s\n", + apr_strerror(errno, errbuf, sizeof errbuf)); + exit(ERR_PWMISMATCH); + } + apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1); fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n"); #endif default: diff --git a/support/htpasswd.c b/support/htpasswd.c index 3aa9e184521..f218f794856 100644 --- a/support/htpasswd.c +++ b/support/htpasswd.c @@ -166,6 +166,9 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd, char pwv[MAX_STRING_LEN]; char salt[9]; apr_size_t bufsize; +#if (!(defined(WIN32) || defined(NETWARE))) + char *cbuf; +#endif if (passwd != NULL) { pw = passwd; @@ -218,7 +221,16 @@ static int mkrecord(char *user, char *record, apr_size_t rlen, char *passwd, to64(&salt[0], rand(), 8); salt[8] = '\0'; - apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1); + cbuf = crypt(pw, salt); + if (cbuf == NULL) { + char errbuf[128]; + + apr_snprintf(record, rlen-1, "crypt() failed: %s", + apr_strerror(errno, errbuf, sizeof errbuf)); + return ERR_PWMISMATCH; + } + + apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1); if (strlen(pw) > 8) { char *truncpw = strdup(pw); truncpw[8] = '\0';