From c92496720d21ea7888187a8ae305c392d4fe824a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
Date: Thu, 12 Feb 2015 06:39:39 +0000
Subject: [PATCH 26/29] [mod_auth] use crypt_r instead of crypt if available
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2986 152afb58-edef-0310-8abb-c4023f1b3aa9
---
 NEWS               |  1 +
 configure.ac       | 22 +++++++++++++++-------
 src/CMakeLists.txt | 12 +++++++++---
 src/config.h.cmake |  3 ++-
 src/http_auth.c    | 10 +++++++++-
 5 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/NEWS b/NEWS
index ddb370d..59fd4f6 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,7 @@ NEWS
   * [connections] fix bug in connection state handling
   * print backtrace in assert logging with libunwind
   * major refactoring of internal buffer/chunk handling
+  * [mod_auth] use crypt_r instead of crypt if available
 
 - 1.4.35 - 2014-03-12
   * [network/ssl] fix build error if TLSEXT is disabled
diff --git a/configure.ac b/configure.ac
index c846d1a..16e66d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -528,19 +528,27 @@ if test "$WITH_LUA" != "no"; then
  AC_SUBST(LUA_LIBS)
 fi
 
+dnl search for crypt_r and (fallback) for crypt
 save_LIBS=$LIBS
-AC_SEARCH_LIBS(crypt,crypt,[
+LIBS=
+AC_SEARCH_LIBS([crypt_r],[crypt],[
+  AC_DEFINE([HAVE_CRYPT_R], [1], [crypt_r])
   AC_CHECK_HEADERS([crypt.h],[
-    AC_DEFINE([HAVE_CRYPT_H], [1])
+    AC_DEFINE([HAVE_CRYPT_H], [1], [crypt.h])
   ])
 
-  AC_DEFINE([HAVE_LIBCRYPT], [1], [libcrypt])
-  if test "$ac_cv_search_crypt" != no; then
-    test "$ac_cv_search_crypt" = "none required" || CRYPT_LIB="$ac_cv_search_crypt"
-  fi
+  CRYPT_LIB=$LIBS
+],[
+  AC_SEARCH_LIBS([crypt],[crypt],[
+    AC_CHECK_HEADERS([crypt.h],[
+      AC_DEFINE([HAVE_CRYPT_H], [1], [crypt.h])
+    ])
+
+    CRYPT_LIB=$LIBS
+  ])
 ])
 LIBS=$save_LIBS
-AC_SUBST(CRYPT_LIB)
+AC_SUBST([CRYPT_LIB])
 
 save_LIBS=$LIBS
 AC_SEARCH_LIBS(sendfilev,sendfile,[
diff --git a/src/http_auth.c b/src/http_auth.c
index a98ea62..dacf70a 100644
--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -669,15 +669,23 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
 			return (strcmp(sample, password->ptr) == 0) ? 0 : 1;
 #endif
 		} else {
-#ifdef HAVE_CRYPT
+#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT)
 			char *crypted;
+#if defined(HAVE_CRYPT_R)
+			struct crypt_data crypt_tmp_data;
+			crypt_tmp_data.initialized = 0;
+#endif
 
 			/* a simple DES password is 2 + 11 characters. everything else should be longer. */
 			if (buffer_string_length(password) < 13) {
 				return -1;
 			}
 
+#if defined(HAVE_CRYPT_R)
+			if (0 == (crypted = crypt_r(pw, password->ptr, &crypt_tmp_data))) {
+#else
 			if (0 == (crypted = crypt(pw, password->ptr))) {
+#endif
 				/* crypt failed. */
 				return -1;
 			}
-- 
2.4.5