From: Rainer Jung Date: Mon, 13 Aug 2012 11:35:18 +0000 (+0000) Subject: htpasswd: Use correct file mode for checking if file is writable. X-Git-Tag: 2.4.3~55 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3146e679ec441f09409a38ddc8d3a03d1c716e67;p=apache htpasswd: Use correct file mode for checking if file is writable. Also switch to the non-deprecated APR_FOPEN_* flags. PR: 45923 Backport of r1369618 from trunk. Submitted by: sf Reviewed by: rjung, trawick, humbedooh Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1372373 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 6ddfe4cade..c63ff2ed40 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,9 @@ Changes with Apache 2.4.3 possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. [Niels Heinen ] + *) htpasswd: Use correct file mode for checking if file is writable. + PR 45923. [Stefan Fritsch] + *) mod_rewrite: Fix crash with dbd RewriteMaps. PR 53663. [Mikhail T. ] diff --git a/STATUS b/STATUS index 89638947ce..a4479b18a3 100644 --- a/STATUS +++ b/STATUS @@ -88,12 +88,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * htpasswd: Use correct file mode for checking if file is writable. - Also switch to the non-deprecated APR_FOPEN_* flags. - PR: 45923 - trunk patch: http://svn.apache.org/viewvc?view=rev&rev=1369618 - 2.4.x patch: trunk patch works - +1: rjung, trawick, humbedooh PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/support/htpasswd.c b/support/htpasswd.c index 993ce625e3..31e766211d 100644 --- a/support/htpasswd.c +++ b/support/htpasswd.c 
@@ -520,7 +520,7 @@ int main(int argc, const char * const argv[]) /* * Check that this existing file is readable and writable. */ - if (!accessible(pool, pwfilename, APR_READ | APR_APPEND)) { + if (!accessible(pool, pwfilename, APR_FOPEN_READ|APR_FOPEN_WRITE)) { apr_file_printf(errfile, "%s: cannot open file %s for " "read/write access" NL, argv[0], pwfilename); exit(ERR_FILEPERM); @@ -539,7 +539,7 @@ int main(int argc, const char * const argv[]) /* * As it doesn't exist yet, verify that we can create it. */ - if (!accessible(pool, pwfilename, APR_CREATE | APR_WRITE)) { + if (!accessible(pool, pwfilename, APR_FOPEN_WRITE|APR_FOPEN_CREATE)) { apr_file_printf(errfile, "%s: cannot create file %s" NL, argv[0], pwfilename); exit(ERR_FILEPERM);
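Review bot: the CHANGES entry added in the first hunk describes the code change ("Use correct file mode for checking if file is writable") but not the behaviour an htpasswd user would have noticed before the fix. A short clause stating the symptom reported in PR 45923 would let admins reading CHANGES judge whether the fix affects them without opening the bug.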
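Review bot: in the support/htpasswd.c hunk at -520, the existing-file check mixes a rename with a behaviour change: APR_READ becomes APR_FOPEN_READ, but APR_APPEND is also replaced by APR_FOPEN_WRITE, so the mode being probed is different. The comment above it still only says "readable and writable"; a one-line note on why append was the wrong mode to test with would stop a later cleanup from reverting it. This is also a pre-check by pathname that ends in exit(ERR_FILEPERM), so any later open of pwfilename still needs its own failure handling, since the file can change between the check and the use. Style: the removed line had spaces around |, the added line drops them.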
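Review bot: in the support/htpasswd.c hunk at -539, the create check reorders the operands (APR_CREATE | APR_WRITE becomes APR_FOPEN_WRITE|APR_FOPEN_CREATE) and drops the spaces around |; keeping the original order and spacing would make this line a pure rename and easier to audit against the first htpasswd.c hunk. The error path prints only "cannot create file %s" with no reason, so if accessible() can expose the APR status, including it would tell the admin whether the cause is permissions or a missing directory. It is also worth confirming that probing with APR_FOPEN_CREATE does not leave an empty password file behind when a later step fails.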