Posted to cvs@httpd.apache.org by rj...@apache.org on 2013/04/25 20:02:48 UTC
svn commit: r1475878 - in /httpd/httpd/trunk: CHANGES support/htdigest.c
Author: rjung
Date: Thu Apr 25 18:02:48 2013
New Revision: 1475878
URL: http://svn.apache.org/r1475878
Log:
htdigest: Fix buffer overflow when reading digest
password file with very long lines.
PR 54893.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/support/htdigest.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1475878&r1=1475877&r2=1475878&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Apr 25 18:02:48 2013
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) htdigest: Fix buffer overflow when reading digest password file
+ with very long lines. PR 54893. [Rainer Jung]
+
*) mod_setenvif: Fix crash in case SetEnvif and SetEnvIfExpr are used
together. PR 54881. [Ruediger Pluem]
Modified: httpd/httpd/trunk/support/htdigest.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?rev=1475878&r1=1475877&r2=1475878&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htdigest.c (original)
+++ httpd/httpd/trunk/support/htdigest.c Thu Apr 25 18:02:48 2013
@@ -96,12 +96,15 @@ static int get_line(char *s, int n, apr_
char ch;
apr_status_t rv = APR_EINVAL;
- while (i < (n - 1) &&
+ /* we need 2 remaining bytes in buffer */
+ while (i < (n - 2) &&
((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
s[i++] = ch;
}
+ /* First remaining byte potentially used here */
if (ch == '\n')
s[i++] = ch;
+ /* Second remaining byte used here */
s[i] = '\0';
if (rv != APR_SUCCESS)
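Review bot: `ch` is declared without an initializer at the top of this hunk, yet `if (ch == '\n')` tests it after the loop even when the loop never assigned it. With n <= 2 the `i < (n - 2)` test short-circuits before `apr_file_getc` is called at all, and a failing first read may also leave it unset, so the newline test reads an indeterminate value. Suggest `char ch = '\0';`. Separately, the loop now stops after n - 2 characters without consuming the rest of a long line, so in the lines shown the remainder stays in the stream for the next call and nothing tells the caller the line was truncated. If callers should reject or skip over-long entries, either drain to the newline here or return a distinct status, and document the n - 2 limit in the function comment.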