htpasswd/htdbm: Fix hash generation bug. PR 54735

trunk patch: https://svn.apache.org/r1465115

Submitted by: MadMaverick9 <asfbugzilla meinkino.ch>
Reviewed by: sf, covener, minfrin

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1476674 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index c9a2e76c7f87dec32658ba7fce6003597f6ca46d..e6fd7d963259689754871d9a2d81fa77ebd26541 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,8 @@
 
 Changes with Apache 2.4.5
 
+  *) htpasswd, htdbm: Fix password generation. PR 54735. [Stefan Fritsch]
+
   *) core: Add workaround for gcc bug on sparc/64bit. PR 52900.
      [Stefan Fritsch]
 

diff --git a/STATUS b/STATUS
index bf883b6103adce0a85a0cda17e6ec8380cbe71b3..b88dda577b4f9debda601757cda93996ce2857ae 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -95,11 +95,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
       2.4.x patch: trunk patches work
       +1: sf, humbedooh, covener
 
-    * htpasswd/htdbm: Fix hash generation bug. PR 54735
-      trunk patches: https://svn.apache.org/r1465115
-      2.4.x patch: trunk patches work
-      +1: sf, covener, minfrin
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

diff --git a/support/htpasswd.c b/support/htpasswd.c
index 0989fd81b39c2917bbe0970789a6f66e9ac5580c..84c1a204f9891a78bed40938c7ff95145957bac7 100644 (file)
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -253,7 +253,6 @@ static void check_args(int argc, const char *const argv[],
 int main(int argc, const char * const argv[])
 {
     apr_file_t *fpw = NULL;
-    const char *errstr = NULL;
     char line[MAX_STRING_LEN];
     char *pwfilename = NULL;
     char *user = NULL;
@@ -345,7 +344,7 @@ int main(int argc, const char * const argv[])
     if (!(mask & APHTP_DELUSER)) {
         i = mkrecord(&ctx, user);
         if (i != 0) {
-            apr_file_printf(errfile, "%s: %s" NL, argv[0], errstr);
+            apr_file_printf(errfile, "%s: %s" NL, argv[0], ctx.errstr);
             exit(i);
         }
         if (mask & APHTP_NOFILE) {

diff --git a/support/passwd_common.c b/support/passwd_common.c
index 7636835902c3db7c16460fe27908adfcecdc598d..95612b70c3abb90eaa44a5cf6ddca1bea91c0c78 100644 (file)
--- a/support/passwd_common.c
+++ b/support/passwd_common.c
@@ -113,17 +113,17 @@ void putline(apr_file_t *f, const char *l)
 
 int get_password(struct passwd_ctx *ctx)
 {
+    char buf[MAX_STRING_LEN + 1];
     if (ctx->passwd_src == PW_STDIN) {
-        char *buf = ctx->out;
         apr_file_t *file_stdin;
         apr_size_t nread;
         if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) {
             ctx->errstr = "Unable to read from stdin.";
             return ERR_GENERAL;
         }
-        if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1,
+        if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1,
                                &nread) != APR_EOF
-            || nread == ctx->out_len - 1) {
+            || nread == sizeof(buf) - 1) {
             goto err_too_long;
         }
         buf[nread] = '\0';
@@ -133,21 +133,24 @@ int get_password(struct passwd_ctx *ctx)
                 buf[nread-2] = '\0';
         }
         apr_file_close(file_stdin);
+        ctx->passwd = apr_pstrdup(ctx->pool, buf);
     }
     else {
-        char buf[MAX_STRING_LEN + 1];
         apr_size_t bufsize = sizeof(buf);
-        if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0)
+        if (apr_password_get("New password: ", buf, &bufsize) != 0)
             goto err_too_long;
+        ctx->passwd = apr_pstrdup(ctx->pool, buf);
+        bufsize = sizeof(buf);
+        buf[0] = '\0';
         apr_password_get("Re-type new password: ", buf, &bufsize);
-        if (strcmp(ctx->out, buf) != 0) {
+        if (strcmp(ctx->passwd, buf) != 0) {
             ctx->errstr = "password verification error";
-            memset(ctx->out, '\0', ctx->out_len);
+            memset(ctx->passwd, '\0', strlen(ctx->passwd));
             memset(buf, '\0', sizeof(buf));
             return ERR_PWMISMATCH;
         }
-        memset(buf, '\0', sizeof(buf));
     }
+    memset(buf, '\0', sizeof(buf));
     return 0;
 
 err_too_long:
@@ -164,7 +167,6 @@ err_too_long:
 int mkhash(struct passwd_ctx *ctx)
 {
     char *pw;
-    char pwin[MAX_STRING_LEN];
     char salt[16];
     apr_status_t rv;
     int ret = 0;
@@ -177,14 +179,11 @@ int mkhash(struct passwd_ctx *ctx)
                         "Warning: Ignoring -C argument for this algorithm." NL);
     }
 
-    if (ctx->passwd != NULL) {
-        pw = ctx->passwd;
-    }
-    else {
+    if (ctx->passwd == NULL) {
         if ((ret = get_password(ctx)) != 0)
             return ret;
-        pw = pwin;
     }
+    pw = ctx->passwd;
 
     switch (ctx->alg) {
     case ALG_APSHA:
@@ -224,9 +223,7 @@ int mkhash(struct passwd_ctx *ctx)
 
         apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);
         if (strlen(pw) > 8) {
-            char *truncpw = strdup(pw);
-            if (truncpw == NULL)
-                abort_on_oom(0);
+            char *truncpw = apr_pstrdup(ctx->pool, pw);
             truncpw[8] = '\0';
             if (!strcmp(ctx->out, crypt(truncpw, salt))) {
                 apr_file_printf(errfile, "Warning: Password truncated to 8 "