diff options
author | trawick <trawick@13f79535-47bb-0310-9956-ffa450edef68> | 2002-05-10 19:10:58 +0000 |
---|---|---|
committer | trawick <trawick@13f79535-47bb-0310-9956-ffa450edef68> | 2002-05-10 19:10:58 +0000 |
commit | 59e107a68ec89ab9540337a2511fd095291ca31f (patch) | |
tree | d014adb65ce0f706c8da19cd6a1f2311ebc776f9 /passwd | |
parent | a35597057c197e34c506a8c1a9a7f4041f8b1c98 (diff) | |
download | libapr-59e107a68ec89ab9540337a2511fd095291ca31f.tar.gz |
Linux, AIX: Use crypt_r() instead of crypt() because the native
crypt() is not thread-safe. The misuse of crypt() led to
intermittent failures with Apache basic authentication when crypt
passwords were being used.
git-svn-id: http://svn.apache.org/repos/asf/apr/apr/trunk@63385 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'passwd')
-rw-r--r-- | passwd/apr_md5.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/passwd/apr_md5.c b/passwd/apr_md5.c index 2c21eee8e..76a16b494 100644 --- a/passwd/apr_md5.c +++ b/passwd/apr_md5.c @@ -699,7 +699,28 @@ APR_DECLARE(apr_status_t) apr_password_validate(const char *passwd, */ #if defined(WIN32) || defined(BEOS) || defined(NETWARE) apr_cpystrn(sample, passwd, sizeof(sample) - 1); +#elif defined(CRYPT_R_CRYPTD) + CRYPTD buffer; + + crypt_pw = crypt_r(passwd, hash, &buffer); + apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); +#elif defined(CRYPT_R_STRUCT_CRYPT_DATA) + struct crypt_data buffer; + + /* having to clear this seems bogus... GNU doc is + * confusing... user report found from google says + * the crypt_data struct had to be cleared to get + * the same result as plain crypt() + */ + memset(&buffer, 0, sizeof(buffer)); + crypt_pw = crypt_r(passwd, hash, &buffer); + apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); #else + /* XXX if this is a threaded build, we should hold a mutex + * around the next two lines... but note that on some + * platforms (e.g., Solaris, HP-UX) crypt() returns a + * pointer to thread-specific data + */ crypt_pw = crypt(passwd, hash); apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); #endif |