From: Jeff Trawick <trawick@apache.org>
Date: Thu, 23 Jun 2005 20:45:17 +0000 (+0000)
Subject: Fix htdbm password validation for records which included comments.
X-Git-Tag: 2.1.6~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e077e6efc90cdcebc7ca090ec5d055dea82e77ca;p=apache

Fix htdbm password validation for records which included comments.

Submitted by: Eric Covener <covener gmail.com>
Reviewed by:  trawick



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@201455 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index c0a1eb2b54..838e5cddaa 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 Changes with Apache 2.1.6
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) Fix htdbm password validation for records which included comments.
+     [Eric Covener <covener gmail.com>]
+
   *) SECURITY: 
      proxy HTTP: If a response contains both Transfer-Encoding and a 
      Content-Length, remove the Content-Length and don't reuse the
diff --git a/support/htdbm.c b/support/htdbm.c
index 2f32bcee44..9af6dad063 100644
--- a/support/htdbm.c
+++ b/support/htdbm.c
@@ -226,7 +226,7 @@ static apr_status_t htdbm_verify(htdbm_t *htdbm)
     if (apr_dbm_fetch(htdbm->dbm, key, &val) != APR_SUCCESS)
         return APR_ENOENT;
     rec = apr_pstrndup(htdbm->pool, val.dptr, val.dsize);
-    cmnt = strchr(rec, ';');
+    cmnt = strchr(rec, ':');
     if (cmnt)
         strncpy(pwd, rec, cmnt - rec);
     else