
cherokee at cherokee-project
Nov 15, 2009, 7:55 AM
[3817] cherokee/trunk/cherokee/validator_htpasswd.c: Fixes http://bugs. cherokee-project.com/593: The htpasswd validator
Revision: 3817 http://svn.cherokee-project.com/changeset/3817
Author: alo
Date: 2009-11-15 16:55:03 +0100 (Sun, 15 Nov 2009)
Log Message:
-----------
Fixes http://bugs.cherokee-project.com/593: The htpasswd validator could seg-fault under some certain circumstances. Thanks to Stefan de Konink for the report, patch and feedback!!
Modified Paths:
--------------
cherokee/trunk/cherokee/validator_htpasswd.c
Modified: cherokee/trunk/cherokee/validator_htpasswd.c
===================================================================
--- cherokee/trunk/cherokee/validator_htpasswd.c 2009-11-14 11:58:40 UTC (rev 3816)
+++ cherokee/trunk/cherokee/validator_htpasswd.c 2009-11-15 15:55:03 UTC (rev 3817)
@@ -164,8 +164,9 @@
 static ret_t validate_plain (cherokee_connection_t *conn, const char *crypted) {
- if (cherokee_buffer_is_empty (&conn->validator->passwd))
+ if (cherokee_buffer_is_empty (&conn->validator->passwd)) {
 return ret_error;
+ }
 return (strcmp (conn->validator->passwd.buf, crypted) == 0) ? ret_ok : ret_error; }
@@ -177,11 +178,11 @@
 ret_t ret; char salt[CRYPT_SALT_LENGTH];
- if (cherokee_buffer_is_empty (&conn->validator->passwd))
+ if (cherokee_buffer_is_empty (&conn->validator->passwd)) {
 return ret_error;
+ }
 memcpy (salt, crypted, CRYPT_SALT_LENGTH);
-
 ret = check_crypt (conn->validator->passwd.buf, salt, crypted); return ret;
@@ -195,9 +196,14 @@
 char *new_md5_crypt; char space[120];
+ if (cherokee_buffer_is_empty (&conn->validator->passwd)) {
+ return ret_error;
+ }
+
 new_md5_crypt = md5_crypt (conn->validator->passwd.buf, crypted, magic, space);
- if (new_md5_crypt == NULL)
+ if (new_md5_crypt == NULL) {
 return ret_error;
+ }
 ret = (strcmp (new_md5_crypt, crypted) == 0) ? ret_ok : ret_error;
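Review bot: The empty-password guard added ahead of the `md5_crypt` call (hunk `@@ -195,9 +196,14 @@`) is the fourth copy of the same check in this file; the hunks at -164, -177 and -217 show the others. A single `cherokee_buffer_is_empty (&conn->validator->passwd)` test in the caller, before it dispatches on the hash format, would cover every validator and any added later, so a new one cannot reintroduce the crash by forgetting it. If the per-function guards stay, a short comment on this one, for example `/* passwd.buf is not safe to read when the buffer is empty (bug 593) */`, would record why it is there; that reading of the crash is inferred from the log message. The enclosing function starts and ends outside the hunk.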
@@ -217,11 +223,13 @@
 /* Check the size. It should be: "{SHA1}" + Base64(SHA1(info)) */
- if (c_len != 28)
+ if (c_len != 28) {
 return ret_error;
+ }
- if (cherokee_buffer_is_empty (&conn->validator->passwd))
+ if (cherokee_buffer_is_empty (&conn->validator->passwd)) {
 return ret_error;
+ }
 /* Decode user */
@@ -230,8 +238,9 @@
 cherokee_buffer_add_buffer (sha1_buf1, &conn->validator->passwd); cherokee_buffer_encode_sha1_base64 (sha1_buf1, sha1_buf2);
- if (strcmp (sha1_buf2->buf, crypted) == 0)
+ if (strcmp (sha1_buf2->buf, crypted) == 0) {
 return ret_ok;
+ }
 return ret_error; }
@@ -357,23 +366,27 @@
 } else if (cryp_len == 13) { ret_auth = validate_crypt (conn, cryp);
- if (ret_auth != ret_ok)
+ if (ret_auth == ret_deny) {
 ret_auth = validate_plain (conn, cryp);
-
+ }
 } else { ret_auth = validate_plain (conn, cryp); }
- if (ret_auth == ret_ok)
- break;
+ if (ret_auth == ret_deny)
+ continue;
+
+ /* ret_ok, or ret_error */
+ break;
 } fclose(f); /* Check the authentication returned value */
- if (ret_auth < ret_ok)
+ if (ret_auth < ret_ok) {
 return ret_auth;
+ }
 /* 2.- Security check: * Is the client trying to download the passwd file?
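Review bot: The new `ret_deny` tests in the `@@ -357,23 +366,27 @@` hunk depend on a wrong password coming back as `ret_deny`, yet every validator visible in this diff returns `ret_error` for a mismatch (`validate_plain`, and the `strcmp` results in the -195 and -230 hunks); only `check_crypt`, which is not shown, could return anything else. If it does not, the crypt-to-plain fallback for 13-character entries is never taken and a mismatch ends the scan at the `/* ret_ok, or ret_error */` break, the same path as an internal failure. The request is still refused as long as both codes are below `ret_ok`, which the `ret_auth < ret_ok` test suggests, but bad credentials and internal faults are not told apart. Returning `ret_deny` on mismatch, e.g. `return (strcmp (conn->validator->passwd.buf, crypted) == 0) ? ret_ok : ret_deny;` in `validate_plain`, and keeping `ret_error` for the empty-buffer and NULL cases would make the loop do what its comment says. The loop and its function begin before the hunk.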