>Number: 4728 >Category: general >Synopsis: .htpasswd file can be wiped out if filesystem full >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Jul 14 08:40:01 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: >Environment: Linux 2.1.24 #129 Thu Jul 9 13:35:11 EST 1998 ppc unknown >Description: If the .htpasswd file is on a filesystem that has become full, then if the "htpasswd" binary is executed to add a new web user the existing data in ,htpasswd will be wiped out before the binary realizes the filesystem is full and aborts with an error. >How-To-Repeat: Fill the filesystem that ".htpasswd" sits on, then try to add a new username via the "htpassed" binary. >Fix: Have the binary somehow test to see if it can completely write the new ".htpasswd" file before it actually opens ".htpasswd" for writing. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
