Solves the following issue from the STATUS file:
* htpasswd blindly processes the file you give it, and does no
sanity checking before totally corrupting whatever file it was
you thought you had. It should check the input file and bail
if it finds non-comment lines that do not contain exactly 1
':' character.
Message-ID: <[EMAIL PROTECTED]>
htpasswd will return error code 7 if the file contains invalid entries.
The patch contains a diff for htpasswd.c, htpasswd.1 (the man page) and
htpasswd.html (the HTML manual). I think that's it.
--
ir. Kris Verbeeck
Development Engineer
Ubizen - Ubicenter - Philipssite 5 - 3001 Leuven - Belgium
T: +32 16 28 70 64
F: +32 16 28 70 77
Ubizen - We Secure e-business - www.ubizen.com
--- docs/man/htpasswd.1 13 Mar 2002 20:47:40 -0000 1.7
+++ docs/man/htpasswd.1 22 Oct 2002 09:39:43 -0000
@@ -197,8 +197,9 @@
was a syntax problem with the command line, 3 if the password was
entered interactively and the verification entry didn't match, 4 if
its operation was interrupted, 5 if a value is too long (username,
-filename, password, or final computed record), and 6 if the username
-contains illegal characters (see the \fBRESTRICTIONS\fP section).
+filename, password, or final computed record), 6 if the username
+contains illegal characters (see the \fBRESTRICTIONS\fP section),
+and 7 if the \fIpasswdfile\fP contains invalid entries.
.SH EXAMPLES
\fBhtpasswd /usr/local/etc/apache/.htpasswd-users jsmith\fP
.IP
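Review bot: "invalid entries" in the added line about exit status 7 is never defined in this hunk, so a caller scripting against the exit status cannot tell what to fix in the \fIpasswdfile\fP. Suggest stating the condition the htpasswd.c change actually tests, for example "and 7 if the \fIpasswdfile\fP contains a line without a ':' separator", and giving htpasswd.html the same wording.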
--- docs/manual/programs/htpasswd.html 22 Sep 2001 19:38:35 -0000 1.3
+++ docs/manual/programs/htpasswd.html 22 Oct 2002 09:39:44 -0000
@@ -110,9 +110,10 @@
the command line, 3 if the password was entered interac-
tively and the verification entry didn't match, 4 if its
operation was interrupted, 5 if a value is too long (user-
- name, filename, password, or final computed record), and 6
+ name, filename, password, or final computed record), 6
if the username contains illegal characters (see the <strong>RES-</strong>
- <strong>TRICTIONS</strong> section).
+ <strong>TRICTIONS</strong> section), and 7 if the <em>passwdfile</em>
+ contains invalid entries.
<strong>EXAMPLES</strong>
<strong>htpasswd /usr/local/etc/apache/.htpasswd-users jsmith</strong>
--- support/htpasswd.c 8 Oct 2002 11:21:25 -0000 1.67
+++ support/htpasswd.c 22 Oct 2002 09:39:46 -0000
@@ -77,6 +77,7 @@
* 5: Failure; buffer would overflow (username, filename, or computed
* record too long)
* 6: Failure; username contains illegal or reserved characters
+ * 7: Failure; file is invalid
*/
#include "apr.h"
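Review bot: the new exit-code comment "7: Failure; file is invalid" is vaguer than the entries above it, which each name the offending input. Suggest naming the condition, for example "7: Failure; password file contains an entry without a ':'", so the comment block stays a usable reference for the exit codes.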
@@ -133,6 +134,7 @@
#define ERR_INTERRUPTED 4
#define ERR_OVERFLOW 5
#define ERR_BADUSER 6
+#define ERR_BADFILE 7
#define APHTP_NEWFILE 1
#define APHTP_NOFILE 2
@@ -577,6 +579,10 @@
colon = strchr(scratch, ':');
if (colon != NULL) {
*colon = '\0';
+ } else {
+ apr_file_close(fpw);
+ apr_file_close(ftemp);
+ exit(ERR_BADFILE);
}
if (strcmp(user, scratch) != 0) {
putline(ftemp, line);
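Review bot: the new else branch only fires when strchr(scratch, ':') finds no colon, so a line with two or more ':' characters still passes, while the STATUS item quoted in the description asks to bail on lines that do not contain exactly 1 ':'. Either count the colons or reword the description to match what is checked. The branch also calls exit(ERR_BADFILE) without writing anything to stderr, so the user gets a bare status 7 with no filename or offending line; an error message before the exit would help. Two things the hunk does not show and that are worth confirming: that comment and blank lines are skipped before this point, so they do not trip the check, and that closing ftemp here does not leave a partly written temporary file behind, since earlier lines have already gone through putline(ftemp, line).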