You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@axis.apache.org by "Senaka Fernando (JIRA)" <ji...@apache.org> on 2008/02/08 18:28:07 UTC

[jira] Resolved: (AXIS2C-974) Buffer overflow in HTTP Authentication client (with solution)

     [ https://issues.apache.org/jira/browse/AXIS2C-974?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Senaka Fernando resolved AXIS2C-974.
------------------------------------

    Resolution: Fixed
      Assignee: Senaka Fernando

Hi Stefano,

I solved your problem one. Problem two is not an issue. Please refer rfc2617, at [1] for a better explanation.

Try,
axutil_base64_encode (encoded, "Aladdin:open sesame", strlen("Aladdin") + strlen("open sesame") + 1);
and then, encoded = [QWxhZGRpbjpvcGVuIHNlc2FtZQ==]

But,
axutil_base64_encode (encoded, "Aladdin:open sesame", strlen("Aladdin") + strlen("open sesame") + 2);
and then, encoded = [QWxhZGRpbjpvcGVuIHNlc2FtZQA=]

Problem three is already addressed. We do have a separate Digest Auth Implementation. Read through http_sender.c.

[1] http://www.rfc.net/rfc2617.html#p5

Many thanks for your concern.

Regards,
Senaka

> Buffer overflow in HTTP Authentication client (with solution)
> -------------------------------------------------------------
>
>                 Key: AXIS2C-974
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-974
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: transport/http
>    Affects Versions: 1.2.0, Current (Nightly), 1.3.0
>         Environment: Axis + Visual C++ 6
>            Reporter: Stefano Pettini
>            Assignee: Senaka Fernando
>            Priority: Critical
>             Fix For: 1.2.0, 1.3.0
>
>
> Bug is present in 1.3.0-RC1 announced by Dinesh on 7/2/2008 too.
> In file /src/core/transport/http/sender/http_sender.c, functions axis2_http_sender_configure_http_basic_auth and axis2_http_sender_configure_proxy_basic_auth use sprintf without allocating enough bytes to hold the null string terminator.
> Line 1295, int plen = axutil_strlen (uname) + axutil_strlen (passwd) + 1 is not correct, should be +2.
> Line 1302, elen = axutil_base64_encode_len (plen) is not correct, a +1 should be added.
> Similar fixes should be applied to lines 1423 and 1430.
> Please note that memory allocation for auth_str (using elen + 6) is risky for the future. If "Basic" is substituted with "Digest" the +6 becomes incorrect, causing another buffer overflow.
> Thank you,
> Stefano.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org