This patch adds some sanity checking to ensure we don't blow away a file
that is not a htpasswd file.
--
Thom May -> [EMAIL PROTECTED]
Memes don't exist.
Tell your friends.
--NTK
Index: support/htpasswd.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/support/htpasswd.c,v
retrieving revision 1.50
diff -u -u -r1.50 htpasswd.c
--- support/htpasswd.c 2 Jul 2002 19:48:38 -0000 1.50
+++ support/htpasswd.c 2 Jul 2002 22:22:40 -0000
@@ -77,6 +77,7 @@
* 5: Failure; buffer would overflow (username, filename, or computed
* record too long)
* 6: Failure; username contains illegal or reserved characters
+ * 7: Failure; file is not a valid htpasswd file
*/
#include "apr.h"
@@ -133,6 +134,7 @@
#define ERR_INTERRUPTED 4
#define ERR_OVERFLOW 5
#define ERR_BADUSER 6
+#define ERR_INVALID 7
#define APHTP_NEWFILE 1
#define APHTP_NOFILE 2
@@ -584,6 +586,18 @@
if (colon != NULL) {
*colon = '\0';
}
+ else {
+ /*
+ * If we've not got a colon on the line, this could well
+ * not be a valid htpasswd file.
+ * We should bail at this point.
+ */
+ apr_file_printf(errfile, "\n%s: The file %s does not appear "
+ "to be a valid htpasswd file.\n",
+ argv[0], pwfilename);
+ apr_file_close(fpw);
+ exit(ERR_INVALID);
+ }
if (strcmp(user, scratch) != 0) {
putline(ftemp, line);
continue;
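Review bot: The new `else` branch closes `fpw` but exits without touching `ftemp`, which by then may already hold records copied by `putline(ftemp, line)` on earlier iterations, so a rejected file can leave a temporary file with usernames and password hashes on disk. Before `exit(ERR_INVALID);` add `apr_file_close(ftemp);` and delete the temporary file; how its name is held and whether the other failure exits already do this is outside the hunk, so match whatever cleanup they use. The test is also a weak format check, since any line containing a colon passes. The loop starts above the hunk, so it is not visible whether comment and blank lines are skipped before this point; if they are not, a legitimate file with a comment line would now be rejected with exit code 7.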