httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/support ab.c
Date Thu, 31 Jul 2003 20:23:21 GMT
nd          2003/07/31 13:23:21

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               support  Tag: APACHE_2_0_BRANCH ab.c
  Log:
  reject overlong credentials from command line
  
  Reviewed by: Justin Erenkrantz, Jeff Trawick
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.143 +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.142
  retrieving revision 1.988.2.143
  diff -u -r1.988.2.142 -r1.988.2.143
  --- CHANGES	28 Jul 2003 02:05:56 -0000	1.988.2.142
  +++ CHANGES	31 Jul 2003 20:23:20 -0000	1.988.2.143
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.48
   
  +  *) ab: Overlong credentials given via command line no longer clobber
  +     the buffer.  [André Malo]
  +
     *) mod_deflate: Don't attempt to hold all of the response until we're
        done.  [Justin Erenkrantz]
   
  
  
  
  1.751.2.405 +1 -5      httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.404
  retrieving revision 1.751.2.405
  diff -u -r1.751.2.404 -r1.751.2.405
  --- STATUS	30 Jul 2003 20:33:55 -0000	1.751.2.404
  +++ STATUS	31 Jul 2003 20:23:20 -0000	1.751.2.405
  @@ -266,10 +266,6 @@
               nd replies: of course ..., 1.168 does.
         +1: nd, jerenkrantz, trawick
   
  -    * ab: reject overlong credentials from command line (2.0 + 1.3)
  -        support/ab.c: r1.127
  -      +1: nd, jerenkrantz, trawick
  -
       * ab: Handle conditions where connect() on non-blocking socket
         doesn't complete immediately (i.e., restore functionality when
         benchmarking non-local targets).  This doesn't resolve some
  
  
  
  No                   revision
  No                   revision
  1.121.2.3 +8 -2      httpd-2.0/support/ab.c
  
  Index: ab.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/support/ab.c,v
  retrieving revision 1.121.2.2
  retrieving revision 1.121.2.3
  diff -u -r1.121.2.2 -r1.121.2.3
  --- ab.c	12 Jul 2003 12:44:11 -0000	1.121.2.2
  +++ ab.c	31 Jul 2003 20:23:21 -0000	1.121.2.3
  @@ -2070,6 +2070,9 @@
   	     */
   	    while (apr_isspace(*optarg))
   		optarg++;
  +            if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
  +                err("Authentication credentials too long\n");
  +            }
   	    l = apr_base64_encode(tmp, optarg, strlen(optarg));
   	    tmp[l] = '\0';
   
  @@ -2082,6 +2085,9 @@
                */
   	    while (apr_isspace(*optarg))
   		optarg++;
  +            if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
  +                err("Proxy credentials too long\n");
  +            }
   	    l = apr_base64_encode(tmp, optarg, strlen(optarg));
   	    tmp[l] = '\0';
   
  
  
  

Mime
View raw message