thttpd/thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch

Index: thttpd-2.25b/libhttpd.c
===================================================================
--- thttpd-2.25b.orig/libhttpd.c	2013-03-04 18:01:55.209721739 +0100
+++ thttpd-2.25b/libhttpd.c	2013-03-04 18:01:55.244722735 +0100
@@ -1024,6 +1024,7 @@ auth_check2( httpd_conn* hc, char* dirna
     static size_t maxprevuser = 0;
     static char* prevcryp;
     static size_t maxprevcryp = 0;
+    char *crypt_result;
 
     /* Construct auth filename. */
     httpd_realloc_str(
@@ -1072,7 +1073,10 @@ auth_check2( httpd_conn* hc, char* dirna
 	 strcmp( authinfo, prevuser ) == 0 )
 	{
 	/* Yes.  Check against the cached encrypted password. */
-	if ( strcmp( crypt( authpass, prevcryp ), prevcryp ) == 0 )
+        crypt_result = crypt( authpass, prevcryp );
+        if ( ! crypt_result )
+            return -1;
+	if ( strcmp( crypt_result, prevcryp ) == 0 )
 	    {
 	    /* Ok! */
 	    httpd_realloc_str(
@@ -1121,7 +1125,10 @@ auth_check2( httpd_conn* hc, char* dirna
 	    /* Yes. */
 	    (void) fclose( fp );
 	    /* So is the password right? */
-	    if ( strcmp( crypt( authpass, cryp ), cryp ) == 0 )
+            crypt_result = crypt( authpass, cryp );
+            if ( ! crypt_result )
+                return -1;
+	    if ( strcmp( crypt_result, cryp ) == 0 )
 		{
 		/* Ok! */
 		httpd_realloc_str(
Index: thttpd-2.25b/extras/htpasswd.c
===================================================================
--- thttpd-2.25b.orig/extras/htpasswd.c	2013-03-04 18:01:55.226722223 +0100
+++ thttpd-2.25b/extras/htpasswd.c	2013-03-04 18:02:15.755306445 +0100
@@ -133,7 +133,10 @@ add_password( char* user, FILE* f )
     (void) srandom( (int) time( (time_t*) 0 ) );
     to64( &salt[0], random(), 2 );
     cpw = crypt( pw, salt );
-    (void) fprintf( f, "%s:%s\n", user, cpw );
+    if (cpw)
+        (void) fprintf( f, "%s:%s\n", user, cpw );
+    else
+        (void) fprintf( stderr, "crypt() returned NULL, sorry\n" );
     }
 
 static void usage(void) {