thttpd/thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch

Index: thttpd-2.25b/libhttpd.c
===================================================================
--- thttpd-2.25b.orig/libhttpd.c	2013-03-04 18:01:55.209721739 +0100
+++ thttpd-2.25b/libhttpd.c	2013-03-04 18:01:55.244722735 +0100
@@ -1024,6 +1024,7 @@ auth_check2( httpd_conn* hc, char* dirna
     static size_t maxprevuser = 0;
     static char* prevcryp;
     static size_t maxprevcryp = 0;
+    char *crypt_result;
 
     /* Construct auth filename. */
     httpd_realloc_str(
@@ -1072,7 +1073,10 @@ auth_check2( httpd_conn* hc, char* dirna
 	 strcmp( authinfo, prevuser ) == 0 )
 	{
 	/* Yes.  Check against the cached encrypted password. */
-	if ( strcmp( crypt( authpass, prevcryp ), prevcryp ) == 0 )
+        crypt_result = crypt( authpass, prevcryp );
+        if ( ! crypt_result )
+            return -1;
+	if ( strcmp( crypt_result, prevcryp ) == 0 )
 	    {
 	    /* Ok! */
 	    httpd_realloc_str(
@@ -1121,7 +1125,10 @@ auth_check2( httpd_conn* hc, char* dirna
 	    /* Yes. */
 	    (void) fclose( fp );
 	    /* So is the password right? */
-	    if ( strcmp( crypt( authpass, cryp ), cryp ) == 0 )
+            crypt_result = crypt( authpass, cryp );
+            if ( ! crypt_result )
+                return -1;
+	    if ( strcmp( crypt_result, cryp ) == 0 )
 		{
 		/* Ok! */
 		httpd_realloc_str(
Index: thttpd-2.25b/extras/htpasswd.c
===================================================================
--- thttpd-2.25b.orig/extras/htpasswd.c	2013-03-04 18:01:55.226722223 +0100
+++ thttpd-2.25b/extras/htpasswd.c	2013-03-04 18:02:15.755306445 +0100
@@ -133,7 +133,10 @@ add_password( char* user, FILE* f )
     (void) srandom( (int) time( (time_t*) 0 ) );
     to64( &salt[0], random(), 2 );
     cpw = crypt( pw, salt );
-    (void) fprintf( f, "%s:%s\n", user, cpw );
+    if (cpw)
+        (void) fprintf( f, "%s:%s\n", user, cpw );
+    else
+        (void) fprintf( stderr, "crypt() returned NULL, sorry\n" );
     }
 
 static void usage(void) {
Accepting request 157355 from home:vitezslav_cizek:branches:server:http - added checks for crypt() return value (CVE-2012-5640) (bnc#783165) * thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch OBS-URL: https://build.opensuse.org/request/show/157355 OBS-URL: https://build.opensuse.org/package/show/server:http/thttpd?expand=0&rev=15 2013-03-07 17:55:37 +01:00			`Index: thttpd-2.25b/libhttpd.c`
			`===================================================================`
			`--- thttpd-2.25b.orig/libhttpd.c 2013-03-04 18:01:55.209721739 +0100`
			`+++ thttpd-2.25b/libhttpd.c 2013-03-04 18:01:55.244722735 +0100`
			`@@ -1024,6 +1024,7 @@ auth_check2( httpd_conn* hc, char* dirna`
			`static size_t maxprevuser = 0;`
			`static char* prevcryp;`
			`static size_t maxprevcryp = 0;`
			`+ char *crypt_result;`

			`/* Construct auth filename. */`
			`httpd_realloc_str(`
			`@@ -1072,7 +1073,10 @@ auth_check2( httpd_conn* hc, char* dirna`
			`strcmp( authinfo, prevuser ) == 0 )`
			`{`
			`/* Yes. Check against the cached encrypted password. */`
			`- if ( strcmp( crypt( authpass, prevcryp ), prevcryp ) == 0 )`
			`+ crypt_result = crypt( authpass, prevcryp );`
			`+ if ( ! crypt_result )`
			`+ return -1;`
			`+ if ( strcmp( crypt_result, prevcryp ) == 0 )`
			`{`
			`/* Ok! */`
			`httpd_realloc_str(`
			`@@ -1121,7 +1125,10 @@ auth_check2( httpd_conn* hc, char* dirna`
			`/* Yes. */`
			`(void) fclose( fp );`
			`/* So is the password right? */`
			`- if ( strcmp( crypt( authpass, cryp ), cryp ) == 0 )`
			`+ crypt_result = crypt( authpass, cryp );`
			`+ if ( ! crypt_result )`
			`+ return -1;`
			`+ if ( strcmp( crypt_result, cryp ) == 0 )`
			`{`
			`/* Ok! */`
			`httpd_realloc_str(`
			`Index: thttpd-2.25b/extras/htpasswd.c`
			`===================================================================`
			`--- thttpd-2.25b.orig/extras/htpasswd.c 2013-03-04 18:01:55.226722223 +0100`
			`+++ thttpd-2.25b/extras/htpasswd.c 2013-03-04 18:02:15.755306445 +0100`
			`@@ -133,7 +133,10 @@ add_password( char* user, FILE* f )`
			`(void) srandom( (int) time( (time_t*) 0 ) );`
			`to64( &salt[0], random(), 2 );`
			`cpw = crypt( pw, salt );`
			`- (void) fprintf( f, "%s:%s\n", user, cpw );`
			`+ if (cpw)`
			`+ (void) fprintf( f, "%s:%s\n", user, cpw );`
			`+ else`
			`+ (void) fprintf( stderr, "crypt() returned NULL, sorry\n" );`
			`}`

			`static void usage(void) {`