[Patch] Add check for valid file to htpasswd

[Thom May]

As the topic. My ultimate (ie, next week) aim is to apr-ise htpasswd fully,
unless there is a reason this wasn't done originally?
Cheers
-Thom
-- 
Thom May -> [EMAIL PROTECTED]

"We shall not make Britain's mistakes. Too wise to try to rule the world,
we shall merely own it".
--Ludwell Denny

Index: htpasswd.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/support/htpasswd.c,v
retrieving revision 1.42
diff -u -u -r1.42 htpasswd.c
--- htpasswd.c  10 May 2002 18:20:29 -0000      1.42
+++ htpasswd.c  16 May 2002 13:13:05 -0000
@@ -77,6 +77,7 @@
  *  5: Failure; buffer would overflow (username, filename, or computed
  *     record too long)
  *  6: Failure; username contains illegal or reserved characters
+ *  7: Failure: file is not a valid htpasswd file
  */
 
 #include "apr.h"
@@ -133,6 +134,7 @@
 #define ERR_INTERRUPTED 4
 #define ERR_OVERFLOW 5
 #define ERR_BADUSER 6
+#define ERR_INVALID 7
 
 /*
  * This needs to be declared statically so the signal handler can
@@ -582,6 +584,42 @@
            perror("fopen");
            exit(ERR_FILEPERM);
        }
+        /*
+         * Now we need to confirm that this is a valid htpasswd file
+         */
+        if (! newfile){
+            char tmp[MAX_STRING_LEN];
+
+            fpw = fopen(pwfilename, "r");
+            while (! (get_line(line, sizeof(line), fpw))) {
+                    char *testcolon;
+                    
+                    if ((line[0] == '#') || (line[0] == '\0')) {
+                            continue;
+                    }
+                    strcpy(tmp, line);
+                    testcolon = strchr(tmp, ':');
+                    if (testcolon != NULL){
+                            /*
+                             * We got a valid line. keep going
+                             */
+                            continue;
+                    }
+                    else {
+                            /*
+                             * no colon in the line, and it's not a comment
+                             * Time to bail out before we do damage.
+                             */
+                            fprintf(stderr, "%s: The file %s does not appear "
+                                            "to be a valid htpasswd file.\n",
+                                            argv[0], pwfilename);
+                            fclose(fpw);
+                            exit(ERR_INVALID);
+                    }
+            }
+            fclose(fpw);
+        }
+                                    
     }
 
     /*
@@ -678,7 +716,7 @@
     /*
      * The temporary file now contains the information that should be
      * in the actual password file.  Close the open files, re-open them
-     * in the appropriate mode, and copy them file to the real one.
+     * in the appropriate mode, and copy the temp file to the real one.
      */
     fclose(ftemp);
     fpw = fopen(pwfilename, "w+");