* support/htdbm.c (htdbm_make): Handle crypt() failure.
Submitted by: Paul Wouters <pwouters redhat.com>, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1346905 13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
+ [Paul Wouters <pwouters redhat.com>, Joe Orton]
+
*) mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
{
char cpw[MAX_STRING_LEN];
char salt[9];
+#if (!(defined(WIN32) || defined(NETWARE)))
+ char *cbuf;
+#endif
switch (htdbm->alg) {
case ALG_APSHA:
(void) srand((int) time((time_t *) NULL));
to64(&salt[0], rand(), 8);
salt[8] = '\0';
- apr_cpystrn(cpw, crypt(htdbm->userpass, salt), sizeof(cpw) - 1);
+ cbuf = crypt(htdbm->userpass, salt);
+ if (cbuf == NULL) {
+ char errbuf[128];
+
+ fprintf(stderr, "crypt() failed: %s\n",
+ apr_strerror(errno, errbuf, sizeof errbuf));
+ exit(ERR_PWMISMATCH);
+ }
+ apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
fprintf(stderr, "CRYPT is now deprecated, use MD5 instead!\n");
#endif
default:
char pwv[MAX_STRING_LEN];
char salt[9];
apr_size_t bufsize;
+#if CRYPT_ALGO_SUPPORTED
+ char *cbuf;
+#endif
if (passwd != NULL) {
pw = passwd;
to64(&salt[0], rand(), 8);
salt[8] = '\0';
- apr_cpystrn(cpw, crypt(pw, salt), sizeof(cpw) - 1);
+ cbuf = crypt(pw, salt);
+ if (cbuf == NULL) {
+ char errbuf[128];
+
+ apr_snprintf(record, rlen-1, "crypt() failed: %s",
+ apr_strerror(errno, errbuf, sizeof errbuf));
+ return ERR_PWMISMATCH;
+ }
+
+ apr_cpystrn(cpw, cbuf, sizeof(cpw) - 1);
if (strlen(pw) > 8) {
char *truncpw = strdup(pw);
truncpw[8] = '\0';
projects / apache / commitdiff