Crypt: fixed handling of corrupted SSHA entries in password file. Found by Coverity.

commit: 89bd5f038a570694763fd968ab471a91139b2f7f [log] [tgz]
author: Maxim Dounin <mdounin@mdounin.ru> Thu Aug 16 12:05:58 2012 +0000
committer: Maxim Dounin <mdounin@mdounin.ru> Thu Aug 16 12:05:58 2012 +0000
tree: 165f88003c0af24d1f73647d0d60feeaee4cd473
parent: 3587e2be23064ebec26c95ea26ff5080ee79a7ae [diff]
diff --git a/src/core/ngx_crypt.c b/src/core/ngx_crypt.c
index 365f9c8..b2e25b9 100644
--- a/src/core/ngx_crypt.c
+++ b/src/core/ngx_crypt.c

@@ -194,6 +194,7 @@
 ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
 {
     size_t       len;
+    ngx_int_t    rc;
     ngx_str_t    encoded, decoded;
     ngx_sha1_t   sha1;
 
@@ -204,12 +205,18 @@
     encoded.data = salt + sizeof("{SSHA}") - 1;
     encoded.len = ngx_strlen(encoded.data);
 
-    decoded.data = ngx_pnalloc(pool, ngx_base64_decoded_length(encoded.len));
+    len = ngx_max(ngx_base64_decoded_length(encoded.len), 20);
+
+    decoded.data = ngx_pnalloc(pool, len);
     if (decoded.data == NULL) {
         return NGX_ERROR;
     }
 
-    ngx_decode_base64(&decoded, &encoded);
+    rc = ngx_decode_base64(&decoded, &encoded);
+
+    if (rc != NGX_OK || decoded.len < 20) {
+        decoded.len = 20;
+    }
 
     /* update SHA1 from key and salt */
commit	89bd5f038a570694763fd968ab471a91139b2f7f	[log] [tgz]
author	Maxim Dounin <mdounin@mdounin.ru>	Thu Aug 16 12:05:58 2012 +0000
committer	Maxim Dounin <mdounin@mdounin.ru>	Thu Aug 16 12:05:58 2012 +0000
tree	165f88003c0af24d1f73647d0d60feeaee4cd473
parent	3587e2be23064ebec26c95ea26ff5080ee79a7ae [diff]