apr-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45679] SHA1 passwords starting with {SHA} don't work and cause a minor buffer overrun
Date Mon, 25 Aug 2008 08:25:22 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45679


Bojan Smojver <bojan@rexursive.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bojan@rexursive.com




--- Comment #1 from Bojan Smojver <bojan@rexursive.com>  2008-08-25 01:25:21 PST ---
I don't think this patch is correct. I think we should actually do this (note
that there is a tab in the first patched line, hence the diff):

Index: crypto/apr_sha1.c
===================================================================
--- crypto/apr_sha1.c   (revision 685796)
+++ crypto/apr_sha1.c   (working copy)
@@ -352,7 +352,8 @@
     apr_byte_t digest[APR_SHA1_DIGESTSIZE];

     if (strncmp(clear, APR_SHA1PW_ID, APR_SHA1PW_IDLEN) == 0) {
-       clear += APR_SHA1PW_IDLEN;
+        clear += APR_SHA1PW_IDLEN;
+        len -= APR_SHA1PW_IDLEN;
     }

     apr_sha1_init(&context);
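
Review bot: The added `len -= APR_SHA1PW_IDLEN;` sits behind a strncmp() guard that never looks at len, so if a caller passes a len smaller than APR_SHA1PW_IDLEN for a string that still begins with the prefix, len drops below zero (or wraps, if it is unsigned; its type is not visible in this hunk) before it reaches the hashing code. Consider adding `len >= APR_SHA1PW_IDLEN` to the condition. The tab-to-spaces change on the `clear +=` line would also be easier to review as a separate whitespace-only commit, leaving the `len` adjustment as the only functional line in the diff.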

Does the above work for you?


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
