
[mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2869 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.33
Stefan Bühler 9 years ago
parent
commit
0342dfef1d
  1. 1
      NEWS
  2. 55
      src/http_auth.c

1
NEWS

@ -10,6 +10,7 @@ NEWS
* [mod_fastcgi,log] support multi line logging (fixes #2252)
* call ERR_clear_error only for ssl connections in CON_STATE_ERROR
* reject non ASCII characters in HTTP header names
* [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)
- 1.4.32 - 2012-11-21
* Code cleanup with clang/sparse (fixes #2437, thx kibi)

55
src/http_auth.c

@ -645,56 +645,23 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
return (strcmp(sample, password->ptr) == 0) ? 0 : 1;
} else {
#ifdef HAVE_CRYPT
char salt[32];
char *crypted;
size_t salt_len = 0;
/*
* htpasswd format
*
* user:crypted password
*/
char *crypted;
/*
* Algorithm Salt
* CRYPT_STD_DES 2-character (Default)
* CRYPT_EXT_DES 9-character
* CRYPT_MD5 12-character beginning with $1$
* CRYPT_BLOWFISH 16-character beginning with $2$
*/
if (password->used < 13 + 1) {
return -1;
}
if (password->used == 13 + 1) {
/* a simple DES password is 2 + 11 characters */
salt_len = 2;
} else if (password->ptr[0] == '$' && password->ptr[2] == '$') {
char *dollar = NULL;
if (NULL == (dollar = strchr(password->ptr + 3, '$'))) {
/* a simple DES password is 2 + 11 characters. everything else should be longer. */
if (password->used < 13 + 1) {
return -1;
}
salt_len = dollar - password->ptr;
}
if (salt_len > sizeof(salt) - 1) {
return -1;
}
strncpy(salt, password->ptr, salt_len);
salt[salt_len] = '\0';
crypted = crypt(pw, salt);
if (0 == strcmp(password->ptr, crypted)) {
return 0;
}
if (0 == (crypted = crypt(pw, password->ptr))) {
/* crypt failed. */
return -1;
}
if (0 == strcmp(password->ptr, crypted)) {
return 0;
}
#endif
}
}
} else if (p->conf.auth_backend == AUTH_BACKEND_PLAIN) {
if (0 == strcmp(password->ptr, pw)) {
return 0;
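Review bot: Dropping the `if (password->used < 13 + 1) return -1;` guard means the stored field is now handed to crypt() with no sanity check on its shape, and the only failure handling is the NULL test on the new `if (0 == (crypted = crypt(pw, password->ptr)))` line; on libc implementations where crypt() reports an unusable setting by returning a fixed token instead of NULL, a stored field equal to that token would pass the following strcmp, which is the one case where a malformed htpasswd entry turns into an accept rather than a reject. I would keep a minimal length check in front of the call, `if (password->used < 13 + 1) { return -1; }`, since every supported hash form is at least the 13 characters of traditional DES, and consider also rejecting fields whose first byte is `*` (the conventional "locked" marker). Separately, the `strcmp(password->ptr, crypted)` compare returns at the first differing byte, which is the usual non-constant-time comparison; it is inherited from the old code rather than introduced here, but worth a comment if a length-independent compare is not used. http_auth_basic_password_compare starts before this hunk and continues past it.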
