From 3146e679ec441f09409a38ddc8d3a03d1c716e67 Mon Sep 17 00:00:00 2001 From: Rainer Jung Date: Mon, 13 Aug 2012 11:35:18 +0000 Subject: [PATCH] htpasswd: Use correct file mode for checking if file is writable. Also switch to the non-deprecated APR_FOPEN_* flags. PR: 45923 Backport of r1369618 from trunk. Submitted by: sf Reviewed by: rjung, trawick, humbedooh Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1372373 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ STATUS | 6 ------ support/htpasswd.c | 4 ++-- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 6ddfe4cade..c63ff2ed40 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,9 @@ Changes with Apache 2.4.3 possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. [Niels Heinen ] + *) htpasswd: Use correct file mode for checking if file is writable. + PR 45923. [Stefan Fritsch] + *) mod_rewrite: Fix crash with dbd RewriteMaps. PR 53663. [Mikhail T. ] diff --git a/STATUS b/STATUS index 89638947ce..a4479b18a3 100644 --- a/STATUS +++ b/STATUS @@ -88,12 +88,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * htpasswd: Use correct file mode for checking if file is writable. - Also switch to the non-deprecated APR_FOPEN_* flags. - PR: 45923 - trunk patch: http://svn.apache.org/viewvc?view=rev&rev=1369618 - 2.4.x patch: trunk patch works - +1: rjung, trawick, humbedooh PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/support/htpasswd.c b/support/htpasswd.c index 993ce625e3..31e766211d 100644 --- a/support/htpasswd.c +++ b/support/htpasswd.c 
@@ -520,7 +520,7 @@ int main(int argc, const char * const argv[])
 /*
 * Check that this existing file is readable and writable.
 */
- if (!accessible(pool, pwfilename, APR_READ | APR_APPEND)) {
+ if (!accessible(pool, pwfilename, APR_FOPEN_READ|APR_FOPEN_WRITE)) {
 apr_file_printf(errfile, "%s: cannot open file %s for "
 "read/write access" NL, argv[0], pwfilename);
 exit(ERR_FILEPERM);
@@ -539,7 +539,7 @@ int main(int argc, const char * const argv[])
 /*
 * As it doesn't exist yet, verify that we can create it.
 */
- if (!accessible(pool, pwfilename, APR_CREATE | APR_WRITE)) {
+ if (!accessible(pool, pwfilename, APR_FOPEN_WRITE|APR_FOPEN_CREATE)) {
 apr_file_printf(errfile, "%s: cannot create file %s" NL,
 argv[0], pwfilename);
 exit(ERR_FILEPERM);
-- 
2.40.0
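Review bot: The `accessible()` call in the existing-file branch (first htpasswd.c hunk) is a probe made ahead of the real update, so its answer can be stale by the time the password file is actually rewritten; the same applies to the create probe in the second hunk. Correcting the mode makes the early error message accurate, but it does not replace error checking on the later open and write of a credential file. I would record that above the call, e.g. `/* Advisory pre-check only: the later open/write of pwfilename must still check its own status. */`. main() starts and ends outside both hunks and `accessible()` is not shown, so whether the later write path checks its result cannot be confirmed from this diff. As a style point, the new lines drop the spaces around `|` that the replaced lines had; `APR_FOPEN_READ | APR_FOPEN_WRITE` would match the surrounding code.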
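Review bot: In the second htpasswd.c hunk the probe is passed `APR_FOPEN_CREATE`, so if `accessible()` opens the path with the flags it is given (the helper is defined outside this hunk, so this is inferred) the check itself creates an empty password file and leaves it behind when a later step fails. The flags are only renamed here, so this behaviour would predate the commit, but it is worth confirming that the permission argument the helper passes is restrictive enough for a file that will hold password hashes. The comment could state the side effect, e.g. `* As it doesn't exist yet, verify that we can create it (the probe may leave an empty file behind).`.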