From owner-freebsd-ports Wed Feb 5 12:20:10 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA08770 for ports-outgoing; Wed, 5 Feb 1997 12:20:10 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA08761; Wed, 5 Feb 1997 12:20:05 -0800 (PST) Resent-Date: Wed, 5 Feb 1997 12:20:05 -0800 (PST) Resent-Message-Id: <199702052020.MAA08761@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-ports Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, Received:(from nobody@localhost) by.freefall.freebsd.org.id.MAA08258;Wed; (8.8.5/8.8.5);, 5 Feb 1997 12:11:24.-0800 (PST) Message-Id: <199702052011.MAA08258@freefall.freebsd.org> Date: Wed, 5 Feb 1997 12:11:24 -0800 (PST) From: pgiffuni@fps.biblos.unal.edu.co To: freebsd-gnats-submit@freebsd.org X-Send-Pr-Version: www-1.0 Subject: ports/2669: Fix for W3c-httpd 3.0relevant patch must be included a Sender: owner-ports@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Number: 2669 >Category: ports >Synopsis: Fix for W3c-httpd 3.0relevant patch must be included a >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports >State: open >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Feb 5 12:20:02 PST 1997 >Last-Modified: >Originator: Pedro Giffuni S. >Organization: Universidad Nacional de Colombia >Release: 2.1.5 Release >Environment: Non relevant >Description: User Sergei Vnotchenko , reported and solved a problem with W3C-httpd's passwords. The relevant patch must be included as patch-bc in our distribution >How-To-Repeat: >Fix: *** Daemon/Implementation/HTPasswd.c.orig Wed Feb 5 13:54:35 1997 --- Daemon/Implementation/HTPasswd.c Wed Feb 5 14:14:34 1997 *************** *** 77,82 **** --- 77,83 ---- ** string at once, but then again, we are not that paranoid ** about the security inside the machine. 
** + NOTE: MD5: 28 characters (8 - setting, 20 - crypted password) */ PUBLIC char *HTAA_encryptPasswd ARGS1(CONST char *, password) { *************** *** 101,107 **** strncpy(chunk, cur, 8); chunk[8] = (char)0; ! tmp = crypt((char*)password, salt); /*crypt() doesn't change its args*/ strcat(result, tmp); cur += 8; --- 102,108 ---- strncpy(chunk, cur, 8); chunk[8] = (char)0; ! tmp = crypt((char*)chunk , salt); /*crypt() doesn't change its args*/ strcat(result, tmp); cur += 8; *************** *** 139,149 **** --- 140,163 ---- char *result; int len; int status; + #ifdef MD5 + char salt[9]; + #else + char salt[3]; + #endif + char chunk[9]; + CONST char *cur1 = password; + CONST char *cur2 = encrypted; + char *tmp; if (!password || !encrypted) return NO; + #ifdef MD5 + len = 28*(((int)strlen(password)+7)/8); + #else len = 13*(((int)strlen(password)+7)/8); + #endif if (len < (int)strlen(encrypted)) return NO; *************** *** 152,176 **** *result = (char)0; while (len > 0) { - char salt[3]; - char chunk[9]; - CONST char *cur1 = password; - CONST char *cur2 = encrypted; - char *tmp; salt[0] = *cur2; salt[1] = *(cur2+1); salt[2] = (char)0; strncpy(chunk, cur1, 8); chunk[8] = (char)0; ! tmp = crypt((char*)password, salt); strcat(result, tmp); cur1 += 8; cur2 += 13; len -= 13; } /* while */ status = strncmp(result, encrypted, strlen(encrypted)); --- 166,195 ---- *result = (char)0; while (len > 0) { + #ifdef MD5 + for(status=0;status<8;status++) salt[status]=cur2[status]; + salt[8]=0; + #else salt[0] = *cur2; salt[1] = *(cur2+1); salt[2] = (char)0; + #endif strncpy(chunk, cur1, 8); chunk[8] = (char)0; ! 
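Review bot: `strcat(result, tmp)` in HTAA_encryptPasswd now appends one complete crypt() output per 8-character chunk, yet no hunk in this patch changes how `result` is sized there; the function body starts and ends outside this hunk, so the allocation is not visible. If it still assumes 13 characters per chunk, a build with MD5 defined needs the 28 per chunk stated in the new NOTE, and the size should become `28*(((int)strlen(password)+7)/8) + 1` under `#ifdef MD5`, mirroring the `len` computation the patch adds to the verification routine. crypt() can also return NULL on failure, so `tmp` should be checked before the strcat here and before the identical strcat in the verification loop.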
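Review bot: The length test `if (len < (int)strlen(encrypted)) return NO;` rejects only a stored hash that is too long. A shorter or empty `encrypted` still reaches the loop in the next hunk, which copies 2 or 8 salt bytes from `cur2` and advances it by 13 or 28 with no regard to where the string ends. The closing `strncmp(result, encrypted, strlen(encrypted))` compares only as many bytes as the stored value holds, so a truncated password-file entry appears able to compare equal if a zero result is treated as a match; the lines after the hunk would confirm that. Requiring an exact length, `if (len != (int)strlen(encrypted)) return NO;`, closes both gaps. The function body starts and ends outside this hunk.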
tmp = crypt((char*)chunk, salt); strcat(result, tmp); cur1 += 8; + #ifdef MD5 + cur2 += 28; + len -= 28; + #else cur2 += 13; len -= 13; + #endif } /* while */ status = strncmp(result, encrypted, strlen(encrypted)); *************** *** 289,292 **** --- 308,313 ---- if (status == EOF) return NO; /* We traversed to the end without luck */ else return YES; /* The user was found */ } + + >Audit-Trail: >Unformatted:
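Review bot: The MD5 branch borrows `status`, which holds the strncmp result a few lines later, as the index of the salt-copy loop. The widths 8, 13 and 28 also appear as bare literals here and again in the `len` computation of the previous hunk. Writing the copy as `memcpy(salt, cur2, 8); salt[8] = (char)0;` and defining the salt and hash widths once under a single `#ifdef MD5` would keep the `salt` array size, the copy length and the `cur2` stride from drifting apart. The enclosing function continues past the end of the hunk.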