Bug #1710
mod_secdownload MD5 compare should not be case sensitive
| Status: | Fixed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | mod_secdownload | |||
| Target version: | 1.5.0 | |||
| Missing in 1.5.x: |
Description
In mod_secure_download.c you check on line 143 (int is_hex_len) for a
valid case insensitive MD5. So far so good. Later in 306 there is a
strncmp (case sensitive compare) to the generated (lower case) MD5.
Unfortunatly we used uppercase MD5 so now we have to use mod_rewrite.
MD5 is a hex str so it should be no matter whether the input is lower or
upper case. So please use strncasecmp or transform the input to lower case
- tail /var/log/lighttpd/error.log
2008-07-02 13:57:42: (mod_secure_download.c.273) md5 invalid:
B382E117AFE4B8F68CCF7F53364AD9FC/486B6D31/1395698/caesariv_update_de_10_12.exe
b382e117afe4b8f68ccf7f53364ad9fc
sincerly Jan Michalowsky
-- sejamich
History
#1 Updated by stbuehler almost 5 years ago
- Status changed from New to Fixed
- Resolution set to fixed
Also available in: Atom