httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 61511] htdigest: one byte stack buffer overflow on malformed input file
Date Sat, 09 Sep 2017 10:08:48 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61511

--- Comment #2 from Luca Toscano <toscano.luca@gmail.com> ---
Hi Hanno,

thanks a lot for the report. The following patch seems to work for me:

./support/htdigest poc try elukey

The following line is longer than the maximum allowed (256):
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

I am not familiar with the htdigest.c code so I'll need to take a deeper look.
Will wait for other people's comments too :)

Luca

Patch:

Index: support/htdigest.c
===================================================================
--- support/htdigest.c  (revision 1807869)
+++ support/htdigest.c  (working copy)
@@ -256,6 +256,11 @@

     found = 0;
     while (!(get_line(line, sizeof(line), f))) {
+        if (strlen(line) >= MAX_STRING_LEN) {
+            apr_file_printf(errfile, "The following line is longer than the "
+                                     "maximum allowed (%i): %s",
MAX_STRING_LEN, line);
+            cleanup_tempfile_and_exit(1);
+        }
         if (found || (line[0] == '#') || (!line[0])) {
             putline(tfp, line);
             continue;

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message