coar 99/04/08 13:56:44
Modified: src CHANGES
src/ap ap_md5c.c
src/include ap_md5.h
src/main http_core.c util_md5.c
src/support htpasswd.c
Log:
Passwords, as user input, may not be 7-bit ASCII -- so we need
to treat them as unsigned char*'s. No surprises there; this
just regularises the usage so we don't get compilation messages.
Revision Changes Path
1.1300 +4 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1299
retrieving revision 1.1300
diff -u -r1.1299 -r1.1300
--- CHANGES 1999/04/08 11:36:37 1.1299
+++ CHANGES 1999/04/08 20:56:34 1.1300
@@ -1,4 +1,8 @@
Changes with Apache 1.3.7
+ *) Correct the signed/unsigned character handling for the MD5 routines;
+ mismatches were causing compilation problems with gcc -pedantic and
+ in the TPF cross-compilation. [Ken Coar]
+
*) OS/2: Rework CGI handling to use spawn*() instead of fork/exec,
achieving
a roughly 5 fold speed up. [Brian Havard]
1.25 +35 -25 apache-1.3/src/ap/ap_md5c.c
Index: ap_md5c.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/ap/ap_md5c.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- ap_md5c.c 1999/03/25 16:43:21 1.24
+++ ap_md5c.c 1999/04/08 20:56:38 1.25
@@ -181,7 +181,7 @@
/* MD5 initialization. Begins an MD5 operation, writing a new context.
*/
-API_EXPORT(void) ap_MD5Init(AP_MD5_CTX * context)
+API_EXPORT(void) ap_MD5Init(AP_MD5_CTX *context)
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants. */
@@ -195,8 +195,8 @@
operation, processing another message block, and updating the
context.
*/
-API_EXPORT(void) ap_MD5Update(AP_MD5_CTX * context, const unsigned char
*input,
- unsigned int inputLen)
+API_EXPORT(void) ap_MD5Update(AP_MD5_CTX *context, const unsigned char
*input,
+ unsigned int inputLen)
{
unsigned int i, idx, partLen;
@@ -204,8 +204,10 @@
idx = (unsigned int) ((context->count[0] >> 3) & 0x3F);
/* Update number of bits */
- if ((context->count[0] += ((UINT4) inputLen << 3)) < ((UINT4) inputLen
<< 3))
+ if ((context->count[0] += ((UINT4) inputLen << 3))
+ < ((UINT4) inputLen << 3)) {
context->count[1]++;
+ }
context->count[1] += (UINT4) inputLen >> 29;
partLen = 64 - idx;
@@ -216,13 +218,15 @@
memcpy(&context->buffer[idx], input, partLen);
MD5Transform(context->state, context->buffer);
- for (i = partLen; i + 63 < inputLen; i += 64)
+ for (i = partLen; i + 63 < inputLen; i += 64) {
MD5Transform(context->state, &input[i]);
+ }
idx = 0;
}
- else
+ else {
i = 0;
+ }
/* Buffer remaining input */
memcpy(&context->buffer[idx], &input[i], inputLen - i);
@@ -239,8 +243,9 @@
idx = 0;
}
- else
+ else {
i = 0;
+ }
/* Buffer remaining input */
ebcdic2ascii_strictly(&context->buffer[idx], &input[i], inputLen - i);
@@ -250,7 +255,7 @@
/* MD5 finalization. Ends an MD5 message-digest operation, writing the
the message digest and zeroizing the context.
*/
-API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX * context)
+API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX *context)
{
unsigned char bits[8];
unsigned int idx, padLen;
@@ -277,10 +282,10 @@
/* Pad out to 56 mod 64. */
idx = (unsigned int) ((context->count[0] >> 3) & 0x3f);
padLen = (idx < 56) ? (56 - idx) : (120 - idx);
- ap_MD5Update(context, PADDING, padLen);
+ ap_MD5Update(context, (const unsigned char *)PADDING, padLen);
/* Append length (before padding) */
- ap_MD5Update(context, bits, 8);
+ ap_MD5Update(context, (const unsigned char *)bits, 8);
/* Store state in digest */
Encode(digest, context->state, 16);
@@ -429,7 +434,8 @@
}
}
-API_EXPORT(void) ap_MD5Encode(const char *pw, const char *salt,
+API_EXPORT(void) ap_MD5Encode(const unsigned char *pw,
+ const unsigned char *salt,
char *result, size_t nbytes)
{
/*
@@ -439,9 +445,11 @@
*/
char passwd[120], *p;
- const char *sp, *ep;
+ const unsigned char *sp, *ep;
unsigned char final[16];
- int sl, pl, i;
+ int i;
+ unsigned int sl, pl;
+ unsigned int pwlen;
AP_MD5_CTX ctx, ctx1;
unsigned long l;
@@ -455,7 +463,7 @@
/*
* If it starts with the magic string, then skip that.
*/
- if (!strncmp(sp, apr1_id, strlen(apr1_id))) {
+ if (!strncmp((char *)sp, apr1_id, strlen(apr1_id))) {
sp += strlen(apr1_id);
}
@@ -476,15 +484,16 @@
*/
ap_MD5Init(&ctx);
+ pwlen = strlen((char *)pw);
/*
* The password first, since that is what is most unknown
*/
- ap_MD5Update(&ctx, pw, strlen(pw));
+ ap_MD5Update(&ctx, pw, pwlen);
/*
* Then our magic string
*/
- ap_MD5Update(&ctx, apr1_id, strlen(apr1_id));
+ ap_MD5Update(&ctx, (const unsigned char *)apr1_id, strlen(apr1_id));
/*
* Then the raw salt
@@ -495,11 +504,11 @@
* Then just as many characters of the MD5(pw, salt, pw)
*/
ap_MD5Init(&ctx1);
- ap_MD5Update(&ctx1, pw, strlen(pw));
+ ap_MD5Update(&ctx1, pw, pwlen);
ap_MD5Update(&ctx1, sp, sl);
- ap_MD5Update(&ctx1, pw, strlen(pw));
+ ap_MD5Update(&ctx1, pw, pwlen);
ap_MD5Final(final, &ctx1);
- for(pl = strlen(pw); pl > 0; pl -= 16) {
+ for(pl = pwlen; pl > 0; pl -= 16) {
ap_MD5Update(&ctx, final, (pl > 16) ? 16 : pl);
}
@@ -511,7 +520,7 @@
/*
* Then something really weird...
*/
- for (i = strlen(pw); i != 0; i >>= 1) {
+ for (i = pwlen; i != 0; i >>= 1) {
if (i & 1) {
ap_MD5Update(&ctx, final, 1);
}
@@ -525,7 +534,7 @@
* can use the string routines without bounds checking.
*/
strcpy(passwd, apr1_id);
- strncat(passwd, sp, sl);
+ strncat(passwd, (char *)sp, sl);
strcat(passwd, "$");
ap_MD5Final(final, &ctx);
@@ -538,7 +547,7 @@
for (i = 0; i < 1000; i++) {
ap_MD5Init(&ctx1);
if (i & 1) {
- ap_MD5Update(&ctx1, pw, strlen(pw));
+ ap_MD5Update(&ctx1, pw, pwlen);
}
else {
ap_MD5Update(&ctx1, final, 16);
@@ -548,14 +557,14 @@
}
if (i % 7) {
- ap_MD5Update(&ctx1, pw, strlen(pw));
+ ap_MD5Update(&ctx1, pw, pwlen);
}
if (i & 1) {
ap_MD5Update(&ctx1, final, 16);
}
else {
- ap_MD5Update(&ctx1, pw, strlen(pw));
+ ap_MD5Update(&ctx1, pw, pwlen);
}
ap_MD5Final(final,&ctx1);
}
@@ -594,7 +603,8 @@
/*
* The hash was created using our custom algorithm.
*/
- ap_MD5Encode(passwd, hash, sample, sizeof(sample));
+ ap_MD5Encode((const unsigned char *)passwd,
+ (const unsigned char *)hash, sample, sizeof(sample));
}
else {
/*
1.5 +6 -5 apache-1.3/src/include/ap_md5.h
Index: ap_md5.h
===================================================================
RCS file: /home/cvs/apache-1.3/src/include/ap_md5.h,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- ap_md5.h 1999/02/03 16:22:31 1.4
+++ ap_md5.h 1999/04/08 20:56:39 1.5
@@ -104,11 +104,12 @@
unsigned char buffer[64]; /* input buffer */
} AP_MD5_CTX;
-API_EXPORT(void) ap_MD5Init(AP_MD5_CTX * context);
-API_EXPORT(void) ap_MD5Update(AP_MD5_CTX * context, const unsigned char
*input,
- unsigned int inputLen);
-API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX * context);
-API_EXPORT(void) ap_MD5Encode(const char *password, const char *salt,
+API_EXPORT(void) ap_MD5Init(AP_MD5_CTX *context);
+API_EXPORT(void) ap_MD5Update(AP_MD5_CTX *context, const unsigned char
*input,
+ unsigned int inputLen);
+API_EXPORT(void) ap_MD5Final(unsigned char digest[16], AP_MD5_CTX *context);
+API_EXPORT(void) ap_MD5Encode(const unsigned char *password,
+ const unsigned char *salt,
char *result, size_t nbytes);
API_EXPORT(char *) ap_validate_password(const char *passwd, const char
*hash);
1.257 +1 -1 apache-1.3/src/main/http_core.c
Index: http_core.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_core.c,v
retrieving revision 1.256
retrieving revision 1.257
diff -u -r1.256 -r1.257
--- http_core.c 1999/03/19 23:54:08 1.256
+++ http_core.c 1999/04/08 20:56:43 1.257
@@ -3101,7 +3101,7 @@
AP_MD5_CTX context;
ap_MD5Init(&context);
- ap_MD5Update(&context, (void *)mm, r->finfo.st_size);
+ ap_MD5Update(&context, (void *)mm, (unsigned int)r->finfo.st_size);
ap_table_setn(r->headers_out, "Content-MD5",
ap_md5contextTo64(r->pool, &context));
}
1.18 +3 -3 apache-1.3/src/main/util_md5.c
Index: util_md5.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/util_md5.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- util_md5.c 1999/01/01 19:04:53 1.17
+++ util_md5.c 1999/04/08 20:56:43 1.18
@@ -100,7 +100,7 @@
*/
ap_MD5Init(&my_md5);
- ap_MD5Update(&my_md5, buf, length);
+ ap_MD5Update(&my_md5, buf, (unsigned int)length);
ap_MD5Final(hash, &my_md5);
for (i = 0, r = result; i < 16; i++) {
@@ -114,7 +114,7 @@
API_EXPORT(char *) ap_md5(pool *p, const unsigned char *string)
{
- return ap_md5_binary(p, string, strlen(string));
+ return ap_md5_binary(p, string, (int) strlen((char *)string));
}
/* these portions extracted from mpack, John G. Myers - [EMAIL PROTECTED] */
@@ -192,7 +192,7 @@
AP_MD5_CTX context;
unsigned char buf[1000];
long length = 0;
- int nbytes;
+ unsigned int nbytes;
ap_MD5Init(&context);
while ((nbytes = fread(buf, 1, sizeof(buf), infile))) {
1.25 +2 -1 apache-1.3/src/support/htpasswd.c
Index: htpasswd.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- htpasswd.c 1999/03/19 21:20:48 1.24
+++ htpasswd.c 1999/04/08 20:56:44 1.25
@@ -247,7 +247,8 @@
switch (alg) {
case ALG_APMD5:
- ap_MD5Encode(pw, salt, cpw, sizeof(cpw));
+ ap_MD5Encode((const unsigned char *)pw, (const unsigned char *)salt,
+ cpw, sizeof(cpw));
break;
case ALG_CRYPT:
ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
