Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Cherokee: dev

Re: [Cherokee-commits] [3681] cherokee/trunk/cherokee/validator_htpasswd.c: Adds a missing check.

  

 
Cherokee dev RSS feed   Index | Next | Previous | View Threaded


alvaro at octality

Oct 6, 2009, 6:44 PM

Post #1 of 3 (74 views)
Permalink
Re: [Cherokee-commits] [3681] cherokee/trunk/cherokee/validator_htpasswd.c: Adds a missing check.
Hello there,
I don't think this one is right. There are other validation modules that can
handle empty passwords. For instance:


http://svn.cherokee-project.com/browser/cherokee/trunk/cherokee/validator_plain.c#L180

Is there some reason why the htpasswd module wouldn't do so?. I'm not
certain right now, I'd have to find some more time to check it out. :-m


On Wed, Oct 7, 2009 at 1:56 AM, SVN @ cherokee-project.com <
cherokee[at]cherokee-project.com> wrote:

> Revision 3681 <http://svn.cherokee-project.com/changeset/3681> Author
> taher Date 2009-10-06 19:56:41 +0200 (Tue, 06 Oct 2009) Log Message
>
> Adds a missing check. Thanks to Stefan de Konink for catching this one.
>
> Modified Paths
>
> - cherokee/trunk/cherokee/validator_htpasswd.c<#1242afb71cda411c_cherokeetrunkcherokeevalidator_htpasswdc>
>
> Diff Modified: cherokee/trunk/cherokee/validator_htpasswd.c (3680 =>
> 3681)
>
> --- cherokee/trunk/cherokee/validator_htpasswd.c 2009-09-29 16:30:34 UTC (rev 3680)
> +++ cherokee/trunk/cherokee/validator_htpasswd.c 2009-10-06 17:56:41 UTC (rev 3681)@@ -195,6 +195,9 @@ char *new_md5_crypt; char space[120]; + if (cherokee_buffer_is_empty (&conn->validator->passwd))
> + return ret_error;
> + new_md5_crypt = md5_crypt (conn->validator->passwd.buf, crypted, magic, space); if (new_md5_crypt == NULL) return ret_error;
>
>
> _______________________________________________
> Cherokee-commits mailing list
> Cherokee-commits[at]lists.octality.com
> http://lists.octality.com/listinfo/cherokee-commits
>
>


--
Greetings, alo
http://www.alobbs.com/


stefan at konink

Oct 6, 2009, 11:12 PM

Post #2 of 3 (69 views)
Permalink
Re: [Cherokee-commits] [3681] cherokee/trunk/cherokee/validator_htpasswd.c: Adds a missing check. [In reply to]
In that case remove all the checks and init the var.

Stefan

Op 7 okt 2009 om 03:44 heeft Alvaro Lopez Ortega <alvaro[at]octality.com>
het volgende geschreven:\

> Hello there,
>
> I don't think this one is right. There are other validation modules
> that can handle empty passwords. For instance:
>
> http://svn.cherokee-project.com/browser/cherokee/trunk/cherokee/validator_plain.c#L180
>
> Is there some reason why the htpasswd module wouldn't do so?. I'm
> not certain right now, I'd have to find some more time to check it
> out. :-m
>
>
> On Wed, Oct 7, 2009 at 1:56 AM, SVN @ cherokee-project.com <cherokee[at]cherokee-project.com
> > wrote:
> Revision
> 3681
> Author
> taher
> Date
> 2009-10-06 19:56:41 +0200 (Tue, 06 Oct 2009)
> Log Message
>
> Adds a missing check. Thanks to Stefan de Konink for catching this
> one.
> Modified Paths
>
> cherokee/trunk/cherokee/validator_htpasswd.c
> Diff
>
> Modified: cherokee/trunk/cherokee/validator_htpasswd.c (3680 => 3681)
>
> --- cherokee/trunk/cherokee/validator_htpasswd.c 2009-09-29 16:30:34
> UTC (rev 3680)
> +++ cherokee/trunk/cherokee/validator_htpasswd.c 2009-10-06 17:56:41
> UTC (rev 3681)
> @@ -195,6 +195,9 @@
> char *new_md5_crypt;
> char space[120];
>
> + if (cherokee_buffer_is_empty (&conn->validator->passwd))
> + return ret_error;
> +
> new_md5_crypt = md5_crypt (conn->validator->passwd.buf, crypted,
> magic, space);
> if (new_md5_crypt == NULL)
> return ret_error;
>
> _______________________________________________
> Cherokee-commits mailing list
> Cherokee-commits[at]lists.octality.com
> http://lists.octality.com/listinfo/cherokee-commits
>
>
>
>
> --
> Greetings, alo
> http://www.alobbs.com/
> _______________________________________________
> Cherokee-dev mailing list
> Cherokee-dev[at]lists.octality.com
> http://lists.octality.com/listinfo/cherokee-dev


taher at unixwars

Oct 7, 2009, 12:30 AM

Post #3 of 3 (69 views)
Permalink
Re: [Cherokee-commits] [3681] cherokee/trunk/cherokee/validator_htpasswd.c: Adds a missing check. [In reply to]
I actually didn't think of that. Reverted for the time being.
Thanks Alvaro.

Alvaro Lopez Ortega wrote:
> Hello there,
>
> I don't think this one is right. There are other validation modules
> that can handle empty passwords. For instance:
>
> http://svn.cherokee-project.com/browser/cherokee/trunk/cherokee/validator_plain.c#L180
>
> Is there some reason why the htpasswd module wouldn't do so?. I'm not
> certain right now, I'd have to find some more time to check it out. :-m

--
taher[at]unixwars.com
http://unixwars.com/

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Cherokee dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.