From 1a0191d2ff83d1ce7458ebf8b54640ab0a8acf23 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Cyril=20Bont=C3=A9?= Date: Fri, 29 Aug 2014 20:20:02 +0200 Subject: [PATCH] BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported When an unknown encryption algorithm is used in userlists or the password is not pasted correctly in the configuration, http authentication silently fails. An initial check is now performed during the configuration parsing, in order to verify that the encrypted password is supported. An unsupported password will fail with a fatal error. This patch should be backported to 1.4 and 1.5. --- src/cfgparse.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index 42c1790ce6..2519e84a89 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -10,6 +10,16 @@ * */ +#ifdef CONFIG_HAP_CRYPT +/* This is to have crypt() defined on Linux */ +#define _GNU_SOURCE + +#ifdef NEED_CRYPT_H +/* some platforms such as Solaris need this */ +#include +#endif +#endif /* CONFIG_HAP_CRYPT */ + #include #include #include @@ -5741,7 +5751,14 @@ cfg_parse_users(const char *file, int linenum, char **args, int kwm) while (*args[cur_arg]) { if (!strcmp(args[cur_arg], "password")) { -#ifndef CONFIG_HAP_CRYPT +#ifdef CONFIG_HAP_CRYPT + if (!crypt("", args[cur_arg + 1])) { + Alert("parsing [%s:%d]: the encrypted password used for user '%s' is not supported by crypt(3).\n", + file, linenum, newuser->user); + err_code |= ERR_ALERT | ERR_FATAL; + goto out; + } +#else Warning("parsing [%s:%d]: no crypt(3) support compiled, encrypted passwords will not work.\n", file, linenum); err_code |= ERR_ALERT; -- 2.39.5