Bug #1710

mod_secdownload MD5 compare should not be case sensitive

Added by Anonymous over 7 years ago. Updated over 7 years ago.

Status: Fixed
Priority: Normal
Assignee: -
Target version: 1.5.0


In mod_secure_download.c you check on line 143 (int is_hex_len) for a
valid case-insensitive MD5. So far so good. Later, on line 306, there is a
strncmp (case-sensitive compare) to the generated (lower case) MD5.
Unfortunately we used uppercase MD5, so now we have to use mod_rewrite.
MD5 is a hex string, so it should not matter whether the input is lower or
upper case. So please use strncasecmp or transform the input to lower case.

    # tail /var/log/lighttpd/error.log
    2008-07-02 13:57:42: (mod_secure_download.c.273) md5 invalid:

Sincerely, Jan Michalowsky

-- sejamich
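
The mismatch described in the report, as an added example that is not lighttpd's code and not part of the original ticket: a validator that accepts either case, followed by a case-sensitive compare against a lowercase digest, next to the two remedies the reporter suggests. All function names and the sample digest are assumptions made for illustration.

```c
/* Added illustration; not lighttpd source. All function names are hypothetical. */
#include <ctype.h>
#include <string.h>
#include <strings.h> /* strncasecmp (POSIX) */

#define MD5_HEX_LEN 32

/* Stand-in for the validation step: accepts 0-9, a-f and A-F, exactly n chars. */
static int is_hex_n(const char *s, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)s[i])) return 0; /* also stops at NUL */
    return 1;
}

/* Reported behaviour: validation passes, then a case-sensitive compare
 * against the lowercase digest rejects an uppercase token. */
int match_case_sensitive(const char *token, const char *digest_lc) {
    return is_hex_n(token, MD5_HEX_LEN) &&
           strncmp(token, digest_lc, MD5_HEX_LEN) == 0;
}

/* First suggestion in the report: compare with strncasecmp. */
int match_strncasecmp(const char *token, const char *digest_lc) {
    return is_hex_n(token, MD5_HEX_LEN) &&
           strncasecmp(token, digest_lc, MD5_HEX_LEN) == 0;
}

/* Second suggestion: lowercase the input first. The compare walks all 32
 * characters without an early exit (an addition, not from the report).
 * Assumes digest_lc holds 32 lowercase hex characters. */
int match_lowercased(const char *token, const char *digest_lc) {
    unsigned char diff = 0;
    if (!is_hex_n(token, MD5_HEX_LEN)) return 0;
    for (size_t i = 0; i < MD5_HEX_LEN; i++)
        diff |= (unsigned char)tolower((unsigned char)token[i]) ^
                (unsigned char)digest_lc[i];
    return diff == 0;
}

/* Constructed sample: MD5 of the empty string, lowercase as a server would
 * generate it, and the same digest as an uppercase client token. */
static const char SAMPLE_LC[] = "d41d8cd98f00b204e9800998ecf8427e";
static const char SAMPLE_UC[] = "D41D8CD98F00B204E9800998ECF8427E";

int main(void) {
    return !(!match_case_sensitive(SAMPLE_UC, SAMPLE_LC) &&
             match_strncasecmp(SAMPLE_UC, SAMPLE_LC) &&
             match_lowercased(SAMPLE_UC, SAMPLE_LC));
}
```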


#1 Updated by stbuehler over 7 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

Fixed in r2251 and r2252 for 1.4 and 1.5
