Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c')
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c23
1 files changed, 22 insertions, 1 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c
index 63659252e28..8e711525a66 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c
@@ -9,7 +9,7 @@
*/
/* ====================================================================
- * Copyright (c) 1998-2000 Ralf S. Engelschall. All rights reserved.
+ * Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1098,6 +1098,9 @@ int ssl_hook_Auth(request_rec *r)
SSLDirConfigRec *dc = myDirConfig(r);
char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN];
char *clientdn;
+ const char *cpAL;
+ const char *cpUN;
+ const char *cpPW;
/*
* Additionally forbid access (again)
@@ -1108,6 +1111,24 @@ int ssl_hook_Auth(request_rec *r)
return FORBIDDEN;
/*
+ * Make sure the user is not able to fake the client certificate
+ * based authentication by just entering an X.509 Subject DN
+ * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
+ * password.
+ */
+ if ((cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) {
+ if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) {
+ while (*cpAL == ' ' || *cpAL == '\t')
+ cpAL++;
+ cpAL = ap_pbase64decode(r->pool, cpAL);
+ cpUN = ap_getword_nulls(r->pool, &cpAL, ':');
+ cpPW = cpAL;
+ if (cpUN[0] == '/' && strEQ(cpPW, "password"))
+ return FORBIDDEN;
+ }
+ }
+
+ /*
* We decline operation in various situations...
*/
if (!sc->bEnabled)
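Review bot: The literal `"password"` in `strEQ(cpPW, "password")` silently duplicates the fixed credential that the FakeBasicAuth path presumably uses when it synthesizes its own Authorization header later in ssl_hook_Auth (the function continues outside the hunk); if that constant is ever changed, this guard stops matching with no compiler help. Consider defining both from one shared macro, or at least adding `/* must equal the cleartext of the FakeBasicAuth crypt() password used below */` next to the comparison. It is also worth saying in the block comment that the check deliberately sits above the `if (!sc->bEnabled)` decline so that plain-HTTP virtual hosts sharing the same user file are covered, e.g. `* NOTE: intentionally placed before the !bEnabled decline so non-SSL requests are checked too.`; without that, a later cleanup could move it below the decline and reopen the bypass. Finally, `cpPW` is assigned once and used once, so `strEQ(cpAL, "password")` would do and the extra declaration in the earlier hunk could go.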