Bug #2486

closed

crypt() can fail and lighttpd segfaults in such case

Added by arekm over 11 years ago. Updated over 11 years ago.

Status:
Duplicate
Priority:
Normal
Category:
mod_auth
Target version:
-
Description

crypt() can fail, and with current glibc it fails much more often (when a salt with an unsupported algorithm is passed) or when the nss module is not available (in case glibc was built with nss support).

Unfortunately lighttpd doesn't check the crypt() result, and for example version 1.4.xx simply segfaults in such a case.

Anyone with access to the passwd file (used by lighttpd) can force a server segfault in such a case.

diff -urN lighttpd-1.4.32.org/src/http_auth.c lighttpd-1.4.32/src/http_auth.c
--- lighttpd-1.4.32.org/src/http_auth.c 2012-05-17 11:29:24.000000000 +0200
+++ lighttpd-1.4.32/src/http_auth.c     2013-06-05 19:58:07.828450230 +0200
@@ -688,6 +688,8 @@
                salt[salt_len] = '\0';

                crypted = crypt(pw, salt);
+               if (NULL == crypted)
+                       return -1;

                if (0 == strcmp(password->ptr, crypted)) {
                        return 0;
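Review bot: the NULL check after `crypted = crypt(pw, salt);` closes the crash, but it fails silently: the description says crypt() returns NULL for an unsupported salt algorithm or a missing NSS module, which is a configuration problem rather than a wrong password, so the `return -1;` should be preceded by a log line that lets the operator tell a broken passwd entry from a failed login. It is also worth confirming that every caller treats -1 as a denied request and not as a fall-through.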

Files

lighttpd-crypt.patch (447 Bytes) - 1.4.x fix - arekm, 2013-06-05 20:22
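The failure mode the report describes, as an added example that is not lighttpd's code: `check_password` treats a NULL result from crypt() (and the `*`-prefixed failure token that libxcrypt returns instead of NULL) as an error distinct from a password mismatch, instead of handing it to strcmp(). The check is exercised offline through a constructed `fake_crypt` stand-in rather than the real crypt(3), so the function names and the toy `$1$` format are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Signature of crypt(3). It is injected so the check can be exercised with a
 * constructed stub without linking -lcrypt; pass the real crypt in production. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

enum { PW_MATCH = 0, PW_MISMATCH = 1, PW_CRYPT_FAILED = -1 };

/* Verify pw against a stored crypt(3) hash. A NULL result is a hard failure
 * rather than an argument to strcmp(), and libxcrypt's failure token (a short
 * string starting with '*') is rejected too, so a broken passwd entry can
 * never be mistaken for a matching password. */
int check_password(const char *stored, const char *pw, crypt_fn do_crypt)
{
    /* The stored hash doubles as the setting: crypt() reads the algorithm id
     * and salt from its prefix and ignores the trailing hash part. */
    char *crypted = do_crypt(pw, stored);
    if (crypted == NULL || crypted[0] == '*')
        return PW_CRYPT_FAILED;   /* unsupported algorithm, missing module, ... */
    return strcmp(stored, crypted) == 0 ? PW_MATCH : PW_MISMATCH;
}

/* Constructed stand-in for crypt(): understands only a toy "$1$salt$" format
 * (hash = prefix + password text), returns NULL for an unknown algorithm id
 * like glibc, and a "*0" failure token for a malformed setting like libxcrypt. */
static char fake_out[128];
static char *fake_crypt(const char *key, const char *setting)
{
    if (strncmp(setting, "$1$", 3) != 0)
        return NULL;
    const char *end = strchr(setting + 3, '$');
    if (end == NULL) {
        strcpy(fake_out, "*0");
        return fake_out;
    }
    snprintf(fake_out, sizeof fake_out, "%.*s$%s", (int)(end - setting), setting, key);
    return fake_out;
}

int main(void)
{
    /* The case from the report: an unsupported algorithm id must not crash. */
    printf("unsupported salt -> %d\n", check_password("$9$abc$def", "pw", fake_crypt));
    printf("correct password -> %d\n", check_password("$1$salt$secret", "secret", fake_crypt));
    return 0;
}
```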
#1

Updated by arekm over 11 years ago

Patch attached.

Btw, the same issue was in Apache (apr-util): https://issues.apache.org/bugzilla/show_bug.cgi?id=47272

#2

Updated by glen over 11 years ago

  • Status changed from New to Duplicate

This is already fixed in #2483 as r2869.

#3

Updated by stbuehler over 11 years ago

  • Description updated (diff)
#4

Updated by stbuehler over 11 years ago

  • Target version deleted (1.4.x)