Posted to cvs@httpd.apache.org by Randy Terbush <ra...@hyperreal.com> on 1997/01/12 01:45:56 UTC
cvs commit: apache/src mod_cookies.c
randy 97/01/11 16:45:55
Branch: src RELEASE_1_1_X
Modified: src mod_cookies.c
Log:
Fix a buffer overflow problem which could allow unauthorized access.
Reviewed by: Marc Slemko, Randy Terbush, Ben Laurie
Submitted by: Alfred Huger <ah...@secnet.com>
Revision Changes Path
1.9.2.2 +4 -1 apache/src/Attic/mod_cookies.c
Index: mod_cookies.c
===================================================================
RCS file: /export/home/cvs/apache/src/Attic/mod_cookies.c,v
retrieving revision 1.9.2.1
retrieving revision 1.9.2.2
diff -C3 -r1.9.2.1 -r1.9.2.2
*** mod_cookies.c 1996/07/04 13:04:22 1.9.2.1
--- mod_cookies.c 1997/01/12 00:45:54 1.9.2.2
***************
*** 119,125 ****
void make_cookie(request_rec *r)
{
struct timeval tv;
! char new_cookie[100]; /* blurgh */
char *dot;
const char *rname = pstrdup(r->pool,
get_remote_host(r->connection, r->per_dir_config,
--- 119,125 ----
void make_cookie(request_rec *r)
{
struct timeval tv;
! char new_cookie[1024]; /* blurgh */
char *dot;
const char *rname = pstrdup(r->pool,
get_remote_host(r->connection, r->per_dir_config,
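Review bot: The new size `1024` on `new_cookie` is a bare literal, and nothing at the declaration says what the buffer has to hold. It is sufficient only because of the hostname clamp added in the second hunk, plus whatever length COOKIE_NAME has, which is not visible here. I would replace `/* blurgh */` with a comment stating the bound, for example `/* holds COOKIE_NAME + at most 256 hostname bytes + three formatted integers + "; path=/" */`, so that a later change to either number is checked against the other. make_cookie's body continues outside the hunk.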
***************
*** 128,133 ****
--- 128,136 ----
struct timezone tz = { 0 , 0 };
if ((dot = strchr(rname,'.'))) *dot='\0'; /* First bit of hostname */
+ if (strlen (rname) > 255)
+ rname[256] = 0;
+
gettimeofday(&tv, &tz);
sprintf(new_cookie,"%s%s%d%ld%d; path=/",
COOKIE_NAME, rname,
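Review bot: The added clamp `rname[256] = 0;` stores through `rname`, which the first hunk shows is declared `const char *`, so the assignment is a constraint violation that a conforming compiler must diagnose. It also keeps 256 hostname bytes rather than the 255 the `strlen (rname) > 255` test suggests. The `sprintf` below it is still unbounded, so the overflow stays fixed only while this clamp and the 1024-byte buffer remain in step. Bounding the field in the format string avoids the write through `rname` and ties the limit to the call that needs it: `sprintf(new_cookie,"%s%.255s%d%ld%d; path=/",`. The sprintf argument list continues outside the hunk.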