0001-mod_auth-ignore-comments-and-empty-lines-in-ht-diges.patch

jmuchemb, 2011-07-26 13:35


src/http_auth.c
149 149
	if (p->conf.auth_backend == AUTH_BACKEND_HTDIGEST) {
150 150
		stream f;
151 151
		char * f_line;
152
		size_t line_len;
152 153

  
153 154
		if (buffer_is_empty(p->conf.auth_htdigest_userfile)) return -1;
154 155

  
......
160 161

  
161 162
		f_line = f.start;
162 163

  
163
		while (f_line - f.start != f.size) {
164
			char *f_user, *f_pwd, *e, *f_realm;
165
			size_t u_len, pwd_len, r_len;
164
		while (f_line && (line_len = f.size - (f_line - f.start))) {
165
			char *f_user, *f_pwd, *f_realm;
166
			size_t u_len, r_len;
166 167

  
167 168
			f_user = f_line;
168 169

  
......
172 173
			 * user:realm:md5(user:realm:password)
173 174
			 */
174 175

  
175
			if (NULL == (f_realm = memchr(f_user, ':', f.size - (f_user - f.start) ))) {
176
			if ((f_line = memchr(f_user, '\n', line_len)))
177
				line_len = f_line++ - f_user;
178
			/* ignore comments and empty lines */
179
			if (!line_len || f_user[0] == '#')
180
				continue;
181

  
182
			if (NULL == (f_realm = memchr(f_user, ':', line_len))) {
176 183
				log_error_write(srv, __FILE__, __LINE__, "sbs",
177 184
						"parsed error in", p->conf.auth_htdigest_userfile,
178 185
						"expected 'username:realm:hashed password'");
......
181 188

  
182 189
				return -1;
183 190
			}
191
			u_len = f_realm - f_user;
192
			f_realm++;
184 193

  
185
			if (NULL == (f_pwd = memchr(f_realm + 1, ':', f.size - (f_realm + 1 - f.start)))) {
194
			if (NULL == (f_pwd = memchr(f_realm, ':', line_len - u_len - 1))) {
186 195
				log_error_write(srv, __FILE__, __LINE__, "sbs",
187 196
						"parsed error in", p->conf.auth_plain_userfile,
188 197
						"expected 'username:realm:hashed password'");
......
191 200

  
192 201
				return -1;
193 202
			}
194

  
195
			/* get pointers to the fields */
196
			u_len = f_realm - f_user;
197
			f_realm++;
198 203
			r_len = f_pwd - f_realm;
199 204
			f_pwd++;
200 205

  
201
			if (NULL != (e = memchr(f_pwd, '\n', f.size - (f_pwd - f.start)))) {
202
				pwd_len = e - f_pwd;
203
			} else {
204
				pwd_len = f.size - (f_pwd - f.start);
205
			}
206

  
207 206
			if (username->used - 1 == u_len &&
208 207
			    (realm->used - 1 == r_len) &&
209 208
			    (0 == strncmp(username->ptr, f_user, u_len)) &&
210 209
			    (0 == strncmp(realm->ptr, f_realm, r_len))) {
211 210
				/* found */
212 211

  
213
				buffer_copy_string_len(password, f_pwd, pwd_len);
212
				buffer_copy_string_len(password, f_pwd, line_len - (f_pwd - f_user));
214 213

  
215 214
				ret = 0;
216 215
				break;
217 216
			}
218

  
219
			/* EOL */
220
			if (!e) break;
221

  
222
			f_line = e + 1;
223 217
		}
224 218

  
225 219
		stream_close(&f);
......
228 222
		stream f;
229 223
		char * f_line;
230 224
		buffer *auth_fn;
225
		size_t line_len;
231 226

  
232 227
		auth_fn = (p->conf.auth_backend == AUTH_BACKEND_HTPASSWD) ? p->conf.auth_htpasswd_userfile : p->conf.auth_plain_userfile;
233 228

  
......
242 237

  
243 238
		f_line = f.start;
244 239

  
245
		while (f_line - f.start != f.size) {
246
			char *f_user, *f_pwd, *e;
247
			size_t u_len, pwd_len;
240
		while (f_line && (line_len = f.size - (f_line - f.start))) {
241
			char *f_user, *f_pwd;
242
			size_t u_len;
248 243

  
249 244
			f_user = f_line;
250 245

  
......
254 249
			 * user:crypted passwd
255 250
			 */
256 251

  
257
			if (NULL == (f_pwd = memchr(f_user, ':', f.size - (f_user - f.start) ))) {
252
			if ((f_line = memchr(f_user, '\n', line_len)))
253
				line_len = f_line++ - f_user;
254
			/* ignore comments and empty lines */
255
			if (!line_len || f_user[0] == '#')
256
				continue;
257

  
258
			if (NULL == (f_pwd = memchr(f_user, ':', line_len))) {
258 259
				log_error_write(srv, __FILE__, __LINE__, "sbs",
259 260
						"parsed error in", auth_fn,
260 261
						"expected 'username:hashed password'");
......
268 269
			u_len = f_pwd - f_user;
269 270
			f_pwd++;
270 271

  
271
			if (NULL != (e = memchr(f_pwd, '\n', f.size - (f_pwd - f.start)))) {
272
				pwd_len = e - f_pwd;
273
			} else {
274
				pwd_len = f.size - (f_pwd - f.start);
275
			}
276

  
277 272
			if (username->used - 1 == u_len &&
278 273
			    (0 == strncmp(username->ptr, f_user, u_len))) {
279 274
				/* found */
280 275

  
281
				buffer_copy_string_len(password, f_pwd, pwd_len);
276
				buffer_copy_string_len(password, f_pwd, line_len - (f_pwd - f_user));
282 277

  
283 278
				ret = 0;
284 279
				break;
285 280
			}
286

  
287
			/* EOL */
288
			if (!e) break;
289

  
290
			f_line = e + 1;
291 281
		}
292 282

  
293 283
		stream_close(&f);
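Review bot: The new skip test `if (!line_len || f_user[0] == '#')` only recognises a zero-length line, so a blank line in a userfile saved with CRLF endings still has `line_len == 1`, reaches the `memchr(f_user, ':', line_len)` check and ends the lookup on the "parsed error" path with `return -1` for every user listed after it. The same test is used in both loops, the htdigest one and the htpasswd/plain one. If such files are meant to be accepted, dropping a trailing carriage return before the test, `if (line_len && f_user[line_len - 1] == '\r') line_len--;`, would cover it and would also keep the `\r` out of the value copied by `buffer_copy_string_len(password, f_pwd, line_len - (f_pwd - f_user))`. Separately, the second error message in the htdigest branch logs `p->conf.auth_plain_userfile` where the first logs `p->conf.auth_htdigest_userfile`, which would point an operator at the wrong file. The enclosing function begins and ends outside the lines shown.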
tests/lighttpd.htpasswd
1
# some comment
1 2
des:12tMnfw882VDQ
3

  
2 4
md5:$1$md5$kIa7Juuiv8zja0ILQPR36/
3
-