httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/support ab.c
Date Mon, 21 Jul 2003 11:41:02 GMT
nd          2003/07/21 04:41:02

  Modified:    .        CHANGES
               support  ab.c
  Log:
  reject overlong credentials from the commandline
  
  Acked by: Cliff Woolley
  
  Revision  Changes    Path
  1.1233    +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1232
  retrieving revision 1.1233
  diff -u -r1.1232 -r1.1233
  --- CHANGES	16 Jul 2003 17:07:05 -0000	1.1232
  +++ CHANGES	21 Jul 2003 11:41:00 -0000	1.1233
  @@ -2,6 +2,9 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) ab: Overlong credentials given via command line no longer clobber
  +     the buffer. [André Malo]
  +
     *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
        containing the .htaccess file is requested without a trailing slash.
        PR 20195.  [André Malo]
  
  
  
  1.127     +8 -2      httpd-2.0/support/ab.c
  
  Index: ab.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/support/ab.c,v
  retrieving revision 1.126
  retrieving revision 1.127
  diff -u -r1.126 -r1.127
  --- ab.c	10 Jul 2003 19:16:35 -0000	1.126
  +++ ab.c	21 Jul 2003 11:41:01 -0000	1.127
  @@ -2086,6 +2086,9 @@
   	     */
   	    while (apr_isspace(*optarg))
   		optarg++;
  +            if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
  +                err("Authentication credentials too long\n");
  +            }
   	    l = apr_base64_encode(tmp, optarg, strlen(optarg));
   	    tmp[l] = '\0';
   
  @@ -2098,6 +2101,9 @@
                */
   	    while (apr_isspace(*optarg))
   		optarg++;
  +            if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
  +                err("Proxy credentials too long\n");
  +            }
   	    l = apr_base64_encode(tmp, optarg, strlen(optarg));
   	    tmp[l] = '\0';
   
  
  
  

Mime
View raw message