8d8efa11b0
a lot of special features, but it suffices for most uses of the web, it's about as fast as the best full-featured servers (Apache, NCSA, Netscape), and it has one extremely useful feature (URL-traffic-based throttling) that no other server currently has. ok sthen@
41 lines
1.4 KiB
Plaintext
41 lines
1.4 KiB
Plaintext
$OpenBSD: patch-src_libhttpd_c,v 1.1.1.1 2013/08/10 02:48:26 brad Exp $
|
|
|
|
A local attacker with the ability to alter .htpasswd files could
|
|
cause a Denial of Service in thttpd by specially-crafting them.
|
|
CVE-2012-5640
|
|
|
|
--- src/libhttpd.c.orig Thu Mar 14 04:11:40 2013
|
|
+++ src/libhttpd.c Thu Mar 14 04:13:02 2013
|
|
@@ -1017,6 +1017,7 @@ auth_check2( httpd_conn* hc, char* dirname )
|
|
static size_t maxprevuser = 0;
|
|
static char* prevcryp;
|
|
static size_t maxprevcryp = 0;
|
|
+ char *crypt_result;
|
|
|
|
/* Construct auth filename. */
|
|
httpd_realloc_str(
|
|
@@ -1063,7 +1064,10 @@ auth_check2( httpd_conn* hc, char* dirname )
|
|
strcmp( authinfo, prevuser ) == 0 )
|
|
{
|
|
/* Yes. Check against the cached encrypted password. */
|
|
- if ( strcmp( crypt( authpass, prevcryp ), prevcryp ) == 0 )
|
|
+ crypt_result = crypt( authpass, prevcryp );
|
|
+ if ( ! crypt_result )
|
|
+ return -1;
|
|
+ if ( strcmp( crypt_result, prevcryp ) == 0 )
|
|
{
|
|
/* Ok! */
|
|
httpd_realloc_str(
|
|
@@ -1112,7 +1116,10 @@ auth_check2( httpd_conn* hc, char* dirname )
|
|
/* Yes. */
|
|
(void) fclose( fp );
|
|
/* So is the password right? */
|
|
- if ( strcmp( crypt( authpass, cryp ), cryp ) == 0 )
|
|
+ crypt_result = crypt( authpass, cryp );
|
|
+ if ( ! crypt_result )
|
|
+ return -1;
|
|
+ if ( strcmp( crypt_result, cryp ) == 0 )
|
|
{
|
|
/* Ok! */
|
|
httpd_realloc_str(
|