Hi, just reposting this patch. Cheers, -Thom -- Thom May -> [EMAIL PROTECTED]
<Gman> hum, I wonder if the cargo bar is looking for staff? <thom> gman: cargo bar sydney has an insane staff turn over rate :) <jdub> yeah, for turning over in the morning and seeing what you've woken up with. <hadess> jdub woke up with Gman in his bed :P Index: htpasswd.c =================================================================== RCS file: /home/cvspublic/httpd-2.0/support/htpasswd.c,v retrieving revision 1.43 diff -u -u -r1.43 htpasswd.c --- htpasswd.c 16 May 2002 19:57:11 -0000 1.43 +++ htpasswd.c 17 May 2002 07:43:49 -0000 @@ -77,6 +77,7 @@ * 5: Failure; buffer would overflow (username, filename, or computed * record too long) * 6: Failure; username contains illegal or reserved characters + * 7: Failure: file is not a valid htpasswd file */ #include "apr.h" @@ -133,6 +134,7 @@ #define ERR_INTERRUPTED 4 #define ERR_OVERFLOW 5 #define ERR_BADUSER 6 +#define ERR_INVALID 7 /* * This needs to be declared statically so the signal handler can @@ -582,6 +584,39 @@ perror("fopen"); exit(ERR_FILEPERM); } + /* + * Now we need to confirm that this is a valid htpasswd file + */ + if (! newfile){ + + fpw = fopen(pwfilename, "r"); + while (! (get_line(line, sizeof(line), fpw))) { + char *testcolon; + + if ((line[0] == '#') || (line[0] == '\0')) { + continue; + } + testcolon = strchr(line, ':'); + if (testcolon != NULL){ + /* + * We got a valid line. keep going + */ + continue; + } + else { + /* + * no colon in the line, and it's not a comment + * Time to bail out before we do damage. + */ + fprintf(stderr, "%s: The file %s does not appear " + "to be a valid htpasswd file.\n", + argv[0], pwfilename); + fclose(fpw); + exit(ERR_INVALID); + } + } + fclose(fpw); + } } /* @@ -678,7 +713,7 @@ /* * The temporary file now contains the information that should be * in the actual password file. Close the open files, re-open them - * in the appropriate mode, and copy them file to the real one. + * in the appropriate mode, and copy the temp file to the real one. */ fclose(ftemp); fpw = fopen(pwfilename, "w+");