BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm Grégoire Morpain reported a segfault when a secured password is used for http authentication. It was caused by the use of an unsupported encryption algorithm with libcrypto. In this case, crypt() returns a NULL pointer. The fix should be backported to 1.4 and 1.5.

commit: c82279c5fc70a6d12ab6efd61e6c9f536e5d4a3f [log] [tgz]
author: Cyril Bonté <cyril.bonte@free.fr> Fri Aug 29 20:20:01 2014 +0200
committer: Willy Tarreau <w@1wt.eu> Fri Aug 29 21:06:31 2014 +0200
tree: 89634a466cfb55da0b1700cb22ba3e5cbcd97e39
parent: aa4e32e10a126ad8370551c9ce0c65882f59d6bc [diff] [blame]
diff --git a/src/auth.c b/src/auth.c
index 1069c5b..42c0808 100644
--- a/src/auth.c
+++ b/src/auth.c

@@ -252,7 +252,7 @@
 	fprintf(stderr, ", crypt=%s\n", ep);
 #endif
 
-	if (!strcmp(ep, u->pass))
+	if (ep && strcmp(ep, u->pass) == 0)
 		return 1;
 	else
 		return 0;
commit	c82279c5fc70a6d12ab6efd61e6c9f536e5d4a3f	[log] [tgz]
author	Cyril Bonté <cyril.bonte@free.fr>	Fri Aug 29 20:20:01 2014 +0200
committer	Willy Tarreau <w@1wt.eu>	Fri Aug 29 21:06:31 2014 +0200
tree	89634a466cfb55da0b1700cb22ba3e5cbcd97e39
parent	aa4e32e10a126ad8370551c9ce0c65882f59d6bc [diff] [blame]