Posted to bugs@apr.apache.org by bu...@apache.org on 2008/08/25 10:25:22 UTC
DO NOT REPLY [Bug 45679] SHA1 passwords starting with {SHA} don't
work and cause a minor buffer overrun
https://issues.apache.org/bugzilla/show_bug.cgi?id=45679
Bojan Smojver <bo...@rexursive.com> changed:
What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |bojan@rexursive.com
--- Comment #1 from Bojan Smojver <bo...@rexursive.com> 2008-08-25 01:25:21 PST ---
I don't think this patch is correct. I think we should actually do this (note
that there is a tab in the first patched line, hence the diff):
Index: crypto/apr_sha1.c
===================================================================
--- crypto/apr_sha1.c (revision 685796)
+++ crypto/apr_sha1.c (working copy)
@@ -352,7 +352,8 @@
apr_byte_t digest[APR_SHA1_DIGESTSIZE];
if (strncmp(clear, APR_SHA1PW_ID, APR_SHA1PW_IDLEN) == 0) {
- clear += APR_SHA1PW_IDLEN;
+ clear += APR_SHA1PW_IDLEN;
+ len -= APR_SHA1PW_IDLEN;
}
apr_sha1_init(&context);
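Review bot: The added `len -= APR_SHA1PW_IDLEN;` inside the `if` has no lower bound on `len`: the `strncmp` guard only inspects the bytes of `clear` and never consults `len`, so a caller that passes a `len` smaller than `APR_SHA1PW_IDLEN` for a buffer that begins with the prefix leaves `len` negative (or wrapped, if it is unsigned; its type is not visible in this hunk). Suggest tightening the condition to `len >= APR_SHA1PW_IDLEN && strncmp(clear, APR_SHA1PW_ID, APR_SHA1PW_IDLEN) == 0`, and adding a one-line comment that `clear` and `len` must be adjusted together. The whitespace-only change to the `clear +=` line would also be easier to review as a separate commit.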
Does the above work for you?