Received: by taz.hyperreal.com (8.8.3/V2.0) id QAA20336; Sat, 11 Jan 1997 16:45:59 -0800 (PST) Received: by taz.hyperreal.com (8.8.3/V2.0) id QAA20330; Sat, 11 Jan 1997 16:45:56 -0800 (PST) Date: Sat, 11 Jan 1997 16:45:56 -0800 (PST) From: Randy Terbush Message-Id: <199701120045.QAA20330@taz.hyperreal.com> To: apache-cvs@hyperreal.com Subject: cvs commit: apache/src mod_cookies.c Sender: apache-cvs-owner@apache.org Precedence: bulk Reply-To: new-httpd@hyperreal.com randy 97/01/11 16:45:55 Branch: src RELEASE_1_1_X Modified: src mod_cookies.c Log: Fix a buffer overflow problem which could allow unauthorized access. Reviewed by: Marc Slemko, Randy Terbush, Ben Laurie Submitted by: Alfred Huger Revision Changes Path 1.9.2.2 +4 -1 apache/src/Attic/mod_cookies.c Index: mod_cookies.c =================================================================== RCS file: /export/home/cvs/apache/src/Attic/mod_cookies.c,v retrieving revision 1.9.2.1 retrieving revision 1.9.2.2 diff -C3 -r1.9.2.1 -r1.9.2.2 *** mod_cookies.c 1996/07/04 13:04:22 1.9.2.1 --- mod_cookies.c 1997/01/12 00:45:54 1.9.2.2 *************** *** 119,125 **** void make_cookie(request_rec *r) { struct timeval tv; ! char new_cookie[100]; /* blurgh */ char *dot; const char *rname = pstrdup(r->pool, get_remote_host(r->connection, r->per_dir_config, --- 119,125 ---- void make_cookie(request_rec *r) { struct timeval tv; ! char new_cookie[1024]; /* blurgh */ char *dot; const char *rname = pstrdup(r->pool, get_remote_host(r->connection, r->per_dir_config, *************** *** 128,133 **** --- 128,136 ---- struct timezone tz = { 0 , 0 }; if ((dot = strchr(rname,'.'))) *dot='\0'; /* First bit of hostname */ + if (strlen (rname) > 255) + rname[256] = 0; + gettimeofday(&tv, &tz); sprintf(new_cookie,"%s%s%d%ld%d; path=/", COOKIE_NAME, rname,
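Review bot: In the first hunk (lines 119-125), growing `new_cookie` from 100 to 1024 bytes does not by itself close the overflow, because the buffer is still filled by an unbounded `sprintf` with a `%s` for `rname`; the new size is only safe together with the hostname cap added in the second hunk, so the `/* blurgh */` comment should be replaced by the arithmetic that justifies 1024 (COOKIE_NAME plus at most 256 hostname bytes plus the three numeric fields and "; path=/"), or the size should be expressed as a named constant derived from that cap.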
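Review bot: In the second hunk (lines 128-136), `rname` is declared `const char *`, so `rname[256] = 0;` stores through a pointer to const and a conforming C compiler will reject it (older compilers may only warn); either drop the `const` from the declaration, since the string is a private `pstrdup` copy, or leave the string alone and bound it in the format instead with `"%s%.255s%d%ld%d; path=/"`. The check and the write are also inconsistent: `strlen (rname) > 255` followed by `rname[256] = 0` keeps 256 characters, so to cap at 255 the terminator belongs at `rname[255] = '\0'`.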