diff options
Diffstat (limited to 'httpd-2.4.4-r1476674.patch')
-rw-r--r-- | httpd-2.4.4-r1476674.patch | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/httpd-2.4.4-r1476674.patch b/httpd-2.4.4-r1476674.patch new file mode 100644 index 0000000..d93945f --- /dev/null +++ b/httpd-2.4.4-r1476674.patch @@ -0,0 +1,110 @@ +Index: support/passwd_common.c +=================================================================== +--- a/support/passwd_common.c (revision 1476673) ++++ b/support/passwd_common.c (working copy) +@@ -113,17 +113,17 @@ + + int get_password(struct passwd_ctx *ctx) + { ++ char buf[MAX_STRING_LEN + 1]; + if (ctx->passwd_src == PW_STDIN) { +- char *buf = ctx->out; + apr_file_t *file_stdin; + apr_size_t nread; + if (apr_file_open_stdin(&file_stdin, ctx->pool) != APR_SUCCESS) { + ctx->errstr = "Unable to read from stdin."; + return ERR_GENERAL; + } +- if (apr_file_read_full(file_stdin, buf, ctx->out_len - 1, ++ if (apr_file_read_full(file_stdin, buf, sizeof(buf) - 1, + &nread) != APR_EOF +- || nread == ctx->out_len - 1) { ++ || nread == sizeof(buf) - 1) { + goto err_too_long; + } + buf[nread] = '\0'; +@@ -133,21 +133,24 @@ + buf[nread-2] = '\0'; + } + apr_file_close(file_stdin); ++ ctx->passwd = apr_pstrdup(ctx->pool, buf); + } + else { +- char buf[MAX_STRING_LEN + 1]; + apr_size_t bufsize = sizeof(buf); +- if (apr_password_get("New password: ", ctx->out, &ctx->out_len) != 0) ++ if (apr_password_get("New password: ", buf, &bufsize) != 0) + goto err_too_long; ++ ctx->passwd = apr_pstrdup(ctx->pool, buf); ++ bufsize = sizeof(buf); ++ buf[0] = '\0'; + apr_password_get("Re-type new password: ", buf, &bufsize); +- if (strcmp(ctx->out, buf) != 0) { ++ if (strcmp(ctx->passwd, buf) != 0) { + ctx->errstr = "password verification error"; +- memset(ctx->out, '\0', ctx->out_len); ++ memset(ctx->passwd, '\0', strlen(ctx->passwd)); + memset(buf, '\0', sizeof(buf)); + return ERR_PWMISMATCH; + } +- memset(buf, '\0', sizeof(buf)); + } ++ memset(buf, '\0', sizeof(buf)); + return 0; + + err_too_long: +@@ -164,7 +167,6 @@ + int mkhash(struct passwd_ctx *ctx) + { + char *pw; +- char pwin[MAX_STRING_LEN]; + char salt[16]; + apr_status_t rv; + int ret = 0; +@@ -177,14 +179,11 @@ + "Warning: Ignoring -C argument for this algorithm." NL); + } + +- if (ctx->passwd != NULL) { +- pw = ctx->passwd; +- } +- else { ++ if (ctx->passwd == NULL) { + if ((ret = get_password(ctx)) != 0) + return ret; +- pw = pwin; + } ++ pw = ctx->passwd; + + switch (ctx->alg) { + case ALG_APSHA: +@@ -224,7 +223,7 @@ + + apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1); + if (strlen(pw) > 8) { +- char *truncpw = strdup(pw); ++ char *truncpw = apr_pstrdup(ctx->pool, pw); + truncpw[8] = '\0'; + if (!strcmp(ctx->out, crypt(truncpw, salt))) { + apr_file_printf(errfile, "Warning: Password truncated to 8 " +Index: support/htpasswd.c +=================================================================== +--- a/support/htpasswd.c (revision 1476673) ++++ b/support/htpasswd.c (working copy) +@@ -253,7 +253,6 @@ + int main(int argc, const char * const argv[]) + { + apr_file_t *fpw = NULL; +- const char *errstr = NULL; + char line[MAX_STRING_LEN]; + char *pwfilename = NULL; + char *user = NULL; +@@ -345,7 +344,7 @@ + if (!(mask & APHTP_DELUSER)) { + i = mkrecord(&ctx, user); + if (i != 0) { +- apr_file_printf(errfile, "%s: %s" NL, argv[0], errstr); ++ apr_file_printf(errfile, "%s: %s" NL, argv[0], ctx.errstr); + exit(i); + } + if (mask & APHTP_NOFILE) { |