httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@hyperreal.org
Subject cvs commit: apache/src util.c
Date Mon, 05 Jan 1998 20:56:29 GMT
marc        98/01/05 12:56:29

  Modified:    src      Tag: APACHE_1_2_X util.c
  Log:
  Eliminate (content sensitive) buffer overflow in cfg_getline.  I
  have tested it and this hole is exploitable.
  
  Reviewed by:	Martin Kraemer, Mark J Cox, Dean Gaudet, Randy Terbush
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.52.2.4  +6 -1      apache/src/util.c
  
  Index: util.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/util.c,v
  retrieving revision 1.52.2.3
  retrieving revision 1.52.2.4
  diff -u -r1.52.2.3 -r1.52.2.4
  --- util.c	1997/12/30 18:59:32	1.52.2.3
  +++ util.c	1998/01/05 20:56:28	1.52.2.4
  @@ -569,6 +569,11 @@
       if(c == EOF)
   	return 1;
   
  +    if(n < 2) {
  +	/* too small, assume caller is crazy */
  +	return 1;
  +    }
  +
       while(1) {
           if((c == '\t') || (c == ' ')) {
               s[i++] = ' ';
  @@ -578,7 +583,7 @@
           if(c == CR) {
               c = getc(f);
           }
  -        if(c == EOF || c == 0x4 || c == LF || i == (n-1)) {
  +        if(c == EOF || c == 0x4 || c == LF || i >= (n-2)) {
               /* blast trailing whitespace */
               while(i && (s[i-1] == ' ')) --i;
               s[i] = '\0';
  
  
  

Mime
View raw message