Modify

Opened 7 years ago

Closed 7 years ago

#1391 closed defect (fixed)

Wrong code @ htfile.py

Reported by: Tomas Zilinskas Owned by: mgood
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: code error login
Cc: Trac Release: 0.10

Description

An error seems to exist in TRUNC (and lower) version.

file: htfile.py
line: 63
content: line[len(prefix):-1]
reason: the remaining part of line is read until one symbol remains. This effectively "trims" hash being read and fails to log the user in.
fix: line[len(prefix):len(line)]
effect: the remaining part of the line is read until EOLN.
the error affects at least HTPasswd; the fix allowed me to login using both MD5 and SHA1 hashes.

Attachments (0)

Change History (3)

comment:1 Changed 7 years ago by mgood

  • Status changed from new to assigned

If you run the unit tests (python setup.py test) you'll find that the tests will fail with that change. That piece of code is meant to "trim" the newline at the end of each line since it should not be part of the hash. However, your file appears to be missing a newline on the last line of the file. Both this plugin and the htpasswd tool should generate files ending in a newline, but I'll commit a workaround in case the file is missing this.

comment:2 Changed 7 years ago by mgood

  • Priority changed from highest to normal
  • Severity changed from blocker to normal

comment:3 Changed 7 years ago by mgood

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [2128]) make sure not to trim hash if it does not end in a newline (fixes #1391)

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.