| 123456789101112131415161718192021 |
- $OpenBSD: patch-extras_th_htpasswd_c,v 1.1 2014/05/06 09:00:37 jasper Exp $
- A local attacker with the ability to alter .htpasswd files could
- cause a Denial of Service in thttpd by specially-crafting them.
- CVE-2012-5640
- --- extras/th_htpasswd.c.orig Thu May 1 10:49:44 2014
- +++ extras/th_htpasswd.c Thu May 1 10:50:16 2014
- @@ -140,7 +140,10 @@ add_password( char* user, FILE* f )
- (void) srandom( (int) time( (time_t*) 0 ) );
- to64( &salt[0], random(), 2 );
- cpw = crypt( pw, salt );
- - (void) fprintf( f, "%s:%s\n", user, cpw );
- + if (cpw)
- + (void) fprintf( f, "%s:%s\n", user, cpw );
- + else
- + (void) fprintf( stderr, "crypt() returned NULL, sorry\n" );
- }
-
- static void usage(void) {
|
