mirror of
https://github.com/Ponce/slackbuilds
synced 2024-10-29 18:42:51 +01:00
62 lines
2.2 KiB
Diff
62 lines
2.2 KiB
Diff
--- thttpd-2.25b/extras/htpasswd.c.orig 2006-03-31 04:12:42.281317000 +0000
|
|
+++ thttpd-2.25b/extras/htpasswd.c 2006-03-31 05:21:37.741632392 +0000
|
|
@@ -151,6 +151,7 @@ void interrupted(int signo) {
|
|
int main(int argc, char *argv[]) {
|
|
FILE *tfp,*f;
|
|
char user[MAX_STRING_LEN];
|
|
+ char pwfilename[MAX_STRING_LEN];
|
|
char line[MAX_STRING_LEN];
|
|
char l[MAX_STRING_LEN];
|
|
char w[MAX_STRING_LEN];
|
|
@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) {
|
|
perror("fopen");
|
|
exit(1);
|
|
}
|
|
+ if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) {
|
|
+ fprintf(stderr, "%s: filename is too long\n", argv[0]);
|
|
+ exit(1);
|
|
+ }
|
|
+ if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) {
|
|
+ fprintf(stderr, "%s: filename contains an illegal character\n",
|
|
+ argv[0]);
|
|
+ exit(1);
|
|
+ }
|
|
+ if (strlen(argv[3]) > (sizeof(user) - 1)) {
|
|
+ fprintf(stderr, "%s: username is too long\n", argv[0],
|
|
+ sizeof(user) - 1);
|
|
+ exit(1);
|
|
+ }
|
|
+ if ((strchr(argv[3], ':')) != NULL) {
|
|
+ fprintf(stderr, "%s: username contains an illegal character\n",
|
|
+ argv[0]);
|
|
+ exit(1);
|
|
+ }
|
|
printf("Adding password for %s.\n",argv[3]);
|
|
add_password(argv[3],tfp);
|
|
fclose(tfp);
|
|
@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) {
|
|
exit(1);
|
|
}
|
|
|
|
+ if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) {
|
|
+ fprintf(stderr, "%s: filename is too long\n", argv[0]);
|
|
+ exit(1);
|
|
+ }
|
|
+ if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) {
|
|
+ fprintf(stderr, "%s: filename contains an illegal character\n",
|
|
+ argv[0]);
|
|
+ exit(1);
|
|
+ }
|
|
+ if (strlen(argv[2]) > (sizeof(user) - 1)) {
|
|
+ fprintf(stderr, "%s: username is too long\n", argv[0],
|
|
+ sizeof(user) - 1);
|
|
+ exit(1);
|
|
+ }
|
|
+ if ((strchr(argv[2], ':')) != NULL) {
|
|
+ fprintf(stderr, "%s: username contains an illegal character\n",
|
|
+ argv[0]);
|
|
+ exit(1);
|
|
+ }
|
|
if(!(f = fopen(argv[1],"r"))) {
|
|
fprintf(stderr,
|
|
"Could not open passwd file %s for reading.\n",argv[1]);
|