Bug 818684 - PATCH: properly deal with crypt() returning NULL
Summary: PATCH: properly deal with crypt() returning NULL
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: httpd
Version: 17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 819650
TreeView+ depends on / blocked
 
Reported: 2012-05-03 18:13 UTC by Paul Wouters
Modified: 2013-05-29 09:32 UTC (History)
3 users (show)

Fixed In Version: httpd-2.4.2-14.fc18
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 819650 (view as bug list)
Environment:
Last Closed: 2013-05-29 09:32:26 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
patch hanlding crypt() returning NULL (3.06 KB, patch)
2012-05-03 18:13 UTC, Paul Wouters 		no flags Details | Diff
View All

Description Paul Wouters 2012-05-03 18:13:41 UTC 
Created attachment 581918 [details]
patch hanlding crypt() returning NULL

Description of problem:
httpd does not check if crypt() or crypt_r() returns NULL, which it can do in certain situations (mostly when in FIPS mode and smoe hashing algo like MD5 is not allowed)

Version-Release number of selected component (if applicable):
2.2.22-4

Attached patch resolves this,
Comment 1 Joe Orton 2012-06-06 14:21:13 UTC 
Thanks for this, Paul.  Pushed upstream with addition of error messages for httpd:

http://svn.apache.org/viewvc?view=revision&revision=1346905

The apr-util changes were already on trunk, so I backported those too.
Comment 2 Joe Orton 2012-06-06 14:35:58 UTC 
Commit: http://pkgs.fedoraproject.org/gitweb/?p=httpd.git;a=commitdiff;h=5fac30f680d5494fd2a4af287270ac7e397414e3
Package: httpd-2.4.2-14.fc18
Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=322334
Comment 3 Joe Orton 2013-05-29 09:32:26 UTC 
This is fixed in F18.  Given this is a relatively obscure case, no plans to backport to f17.
Note You need to log in before you can comment on or make changes to this bug.