Project

General

Profile

Actions

Bug #2486

closed

crypt() can fail and lighttpd segfaults in such case

Added by arekm almost 11 years ago. Updated almost 11 years ago.

Status:
Duplicate
Priority:
Normal
Category:
mod_auth
Target version:
-
ASK QUESTIONS IN Forums:

Description

crypt() can fail and with current glibc it fails much often (when salt with unsupported algorithm is passed) or when nss module is not available (in case when glibc built with nss support).

Unfortunately lighttpd doesn't check crypt restult and for example version 1.4.xx simply segfaults in such case.

Anyone with passwd file (used by lighttpd) access can force server segfault in such case.

diff -urN lighttpd-1.4.32.org/src/http_auth.c lighttpd-1.4.32/src/http_auth.c
--- lighttpd-1.4.32.org/src/http_auth.c 2012-05-17 11:29:24.000000000 +0200
+++ lighttpd-1.4.32/src/http_auth.c     2013-06-05 19:58:07.828450230 +0200
@@ -688,6 +688,8 @@
                salt[salt_len] = '\0';

                crypted = crypt(pw, salt);
+               if (NULL == crypted)
+                       return -1;

                if (0 == strcmp(password->ptr, crypted)) {
                        return 0;

Files

lighttpd-crypt.patch (447 Bytes) lighttpd-crypt.patch 1.4.x fix arekm, 2013-06-05 20:22
Actions #1

Updated by arekm almost 11 years ago

Patch attached.

btw. the same issue was in apache (apr-util): https://issues.apache.org/bugzilla/show_bug.cgi?id=47272

Actions #2

Updated by glen almost 11 years ago

  • Status changed from New to Duplicate

this is already fixed in #2483 as r2869

Actions #3

Updated by stbuehler almost 11 years ago

  • Description updated (diff)
Actions #4

Updated by stbuehler almost 11 years ago

  • Target version deleted (1.4.x)
Actions

Also available in: Atom