Date: Mon, 25 Aug 2003 03:32:32 +0100 (WEST) From: Mário Freitas <sub_0@netcabo.pt> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/55944: www/squid NCSA basic auth problem - PATCH included Message-ID: <20030825023232.85A2920F2@suzy.unbreakable.homeunix.org> Resent-Message-ID: <200308250240.h7P2eCEs067033@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 55944 >Category: ports >Synopsis: www/squid NCSA basic auth problem - PATCH included >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Aug 24 19:40:12 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Mário Freitas >Release: FreeBSD 5.1-CURRENT i386 >Organization: >Environment: System: FreeBSD suzy.unbreakable.homeunix.org 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Thu Aug 21 16:04:33 WEST 2003 root@suzy.unbreakable.homeunix.org:/usr/obj/usr/src/sys/SUZY i386 >Description: I've already mailed Adrian@freebsd.org a long time ago, but I got no response so I decided to send-pr. There's a little problem with NCSA authentication which is included in www/squid: ncsa_auth.c uses stat() and it erroneously assumes the file is readable, but when it is not, the authentication program dies with a segmentation fault after using fgets on a NULL file. >How-To-Repeat: Just build the www/squid port and run ncsa_auth <some file which is not readable>. After this type enter. >Fix: --- patch-ncsa.c begins here --- --- helpers/basic_auth/NCSA/ncsa_auth.c.orig Mon Aug 12 02:13:39 2002 +++ helpers/basic_auth/NCSA/ncsa_auth.c Mon Aug 25 02:29:50 2003 @@ -79,7 +79,10 @@ fprintf(stderr, "ncsa_auth: cannot create hash table\n"); exit(1); } - f = fopen(passwdfile, "r"); + if ((f = fopen(passwdfile, "r")) == NULL) { + fprintf(stderr, "ncsa_auth: cannot open password file\n"); + exit(1); + } while (fgets(buf, 8192, f) != NULL) { if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') || (buf[0] == '\n')) --- patch-ncsa.c ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030825023232.85A2920F2>