authorSergey Poznyakoff <gray@gnu.org.ua>2017-10-25 15:42:45 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2017-10-25 15:44:02 (GMT)
commited02e493c6cb9d2ced5503e37369daf7cd87064d (patch) (side-by-side diff)
tree60e3f132bd7531d2d6472726d8928a7f51747911
parentb1c79452b9f4cfe5ad432a7757f16d64e7050830 (diff)
Check for NULL returns from crypt, crypt_r and apr_md5_encode
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--NEWS2
-rw-r--r--configure.ac2
-rw-r--r--src/vmod_basicauth.c15
3 files changed, 13 insertions, 6 deletions
diff --git a/NEWS b/NEWS
index 5cd7a9a..e6d8317 100644
--- a/NEWS
+++ b/NEWS
@@ -4,7 +4,7 @@ See the end of file for copying conditions.
Please send Vmod-basicauth bug reports to <gray@gnu.org>
-Version 1.5.90 (Git)
+Version 1.5.91 (Git)
* Improved testsute
diff --git a/configure.ac b/configure.ac
index bf33983..20d9827 100644
--- a/configure.ac
+++ b/configure.ac
@@ -14,7 +14,7 @@
# You should have received a copy of the GNU General Public License
# along with vmod-basicauth. If not, see <http://www.gnu.org/licenses/>.
AC_PREREQ(2.69)
-AC_INIT([vmod-basicauth], 1.5.90, [gray@gnu.org])
+AC_INIT([vmod-basicauth], 1.5.91, [gray@gnu.org])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_SRCDIR(src/vmod_basicauth.vcc)
diff --git a/src/vmod_basicauth.c b/src/vmod_basicauth.c
index 943fba9..d106afd 100644
--- a/src/vmod_basicauth.c
+++ b/src/vmod_basicauth.c
@@ -107,12 +107,18 @@ static pthread_mutex_t pass_mutex = PTHREAD_MUTEX_INITIALIZER;
static int
crypt_match(const char *pass, const char *hash, struct vmod_priv *priv)
{
- int res;
+ int res = 1;
+ char *cp;
+
#ifdef HAVE_CRYPT_R
- res = strcmp(crypt_r(pass, hash, &get_priv_data(priv)->cdat), hash);
+ cp = crypt_r(pass, hash, &get_priv_data(priv)->cdat);
+ if (cp)
+ res = strcmp(cp, hash);
#else
pthread_mutex_lock(&pass_mutex);
- res = strcmp(crypt(pass, hash), hash);
+ cp = crypt(pass, hash);
+ if (cp)
+ res = strcmp(cp, hash);
pthread_mutex_unlock(&pass_mutex);
#endif
return res;
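Review bot: A NULL from `crypt_r()` or `crypt()` now ends in the same `res = 1` as a wrong password, and nothing in the hunk records that hashing itself failed. Failing closed is the right default for an authentication check, but a stored hash whose scheme the local libc cannot handle will look exactly like a bad password to whoever reads the logs. I would make the intent explicit above the initializer with `/* NULL from crypt means the hash could not be computed; treat it as a mismatch (fail closed) */`. If a logging facility is reachable from here (not visible in this hunk), also report `errno` on the NULL branch. The closing brace of `crypt_match` lies outside the hunk.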
@@ -128,7 +134,8 @@ static int
apr_match(const char *pass, const char *hash, struct vmod_priv *priv)
{
char buf[120];
- return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash);
+ char *cp = apr_md5_encode(pass, hash, buf, sizeof(buf));
+ return cp ? strcmp(cp, hash) : 1;
}
#define SHA1_DIGEST_SIZE 20
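Review bot: The computed hash is still compared to the stored one with `strcmp` in `apr_match`, which returns at the first differing byte, so the comparison time depends on how long a prefix matches. The two `strcmp` calls in `crypt_match` share this. It is a low-severity hardening point, since the caller controls only the password and not the hash directly, but credential comparisons are usually written without an early exit. A small file-local helper would cover all three call sites, assuming callers only test the result for zero versus non-zero, which this hunk does not show.

```c
/* Compare two NUL-terminated hash strings without stopping at the first
   differing byte.  Returns 0 when equal, 1 otherwise. */
static int
hash_cmp(const char *a, const char *b)
{
	size_t la = strlen(a), lb = strlen(b);
	unsigned char d = (unsigned char)(la != lb);
	size_t i;

	for (i = 0; i < la && i < lb; i++)
		d |= (unsigned char)a[i] ^ (unsigned char)b[i];
	return d != 0;
}

static int
apr_match(const char *pass, const char *hash, struct vmod_priv *priv)
{
	/* … unchanged: buf declaration and apr_md5_encode call … */
	return cp ? hash_cmp(cp, hash) : 1;
}
```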
