>Number: 770
>Category: mod_auth-any
>Synopsis: mod_auth_db cannot handle empty password
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Sun Jun 22 03:30:01 1997
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.2
>Environment:
BSDI BSD/OS version 3.0 for i386
>Description:
When you register a user with a null password, mod_auth_db rejects
that user with the cause `password mismatch'.
So you cannot register a user without a password.
>How-To-Repeat:
Any time you register a user with a null password.
>Fix:
Here is a context diff for the patch:
*** mod_auth_db.c 1997/06/22 09:15:15 1.1
--- mod_auth_db.c 1997/06/22 09:15:25
***************
*** 210,216 ****
colon_pw = strchr(real_pw,':');
if (colon_pw) *colon_pw='\0';
/* anyone know where the prototype for crypt is? */
! if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
ap_snprintf(errstr, sizeof(errstr),
"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
--- 210,216 ----
colon_pw = strchr(real_pw,':');
if (colon_pw) *colon_pw='\0';
/* anyone know where the prototype for crypt is? */
! if(*real_pw && strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
ap_snprintf(errstr, sizeof(errstr),
"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
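Review bot: in the changed if, the added "*real_pw &&" short-circuits the whole comparison when the stored password is empty, so sent_pw is never examined and any password the client sends is accepted for that user, not only an empty one. Because the line above truncates real_pw at the first ':', a record whose value begins with ':' (or is blank) also becomes an account that accepts any password. If empty passwords are to be supported, check sent_pw in that case as well, for example "if (*real_pw ? strcmp(real_pw,(char *)crypt(sent_pw,real_pw)) : *sent_pw) {", and add a comment stating that a blank password field means the user has no password.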
>Audit-Trail:
>Unformatted: