httpd-cvs mailing list archives

From n.@apache.org
Subject cvs commit: apache-1.3/src/support ab.c
Date Thu, 31 Jul 2003 20:30:26 GMT
nd          2003/07/31 13:30:26

  Modified:    src      CHANGES
               src/support ab.c
  Log:
  reject overlong credentials from command line
  
  Reviewed by: Justin Erenkrantz, Jeff Trawick
  
  Revision  Changes    Path
  1.1903    +3 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1902
  retrieving revision 1.1903
  diff -u -r1.1902 -r1.1903
  --- CHANGES	29 Jul 2003 17:49:53 -0000	1.1902
  +++ CHANGES	31 Jul 2003 20:30:26 -0000	1.1903
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3.29
   
  +  *) ab: Overlong credentials given via command line no longer clobber
  +     the buffer.  [André Malo]
  +
     *) Fix ProxyPass for ftp requests - the original code was segfaulting since 
        many of the values were not being filled out in the request_rec.
        [Tollef Fog Heen <tfheen@debian.org, Thom May]
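Review bot: The new CHANGES entry says only that overlong credentials "no longer clobber the buffer" and does not tell users that ab now refuses such input and exits with an error. Consider wording along the lines of "ab: Reject overlong credentials given via command line instead of overflowing the buffer", so the behaviour change is visible to anyone whose scripts pass long credentials.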
  
  
  
  1.70      +12 -3     apache-1.3/src/support/ab.c
  
  Index: ab.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/support/ab.c,v
  retrieving revision 1.69
  retrieving revision 1.70
  diff -u -r1.69 -r1.70
  --- ab.c	6 Jul 2003 17:52:27 -0000	1.69
  +++ ab.c	31 Jul 2003 20:30:26 -0000	1.70
  @@ -1593,7 +1593,12 @@
   	     */
   	    while (isspace((int)*optarg))
   		optarg++;
  -	    l = ap_base64encode(tmp, optarg, strlen(optarg));
  +            if (ap_base64encode_len(strlen(optarg)) > sizeof(tmp)) {
  +                fprintf(stderr, "%s: Authentication credentials too long\n",
  +                        argv[0]);
  +                exit(1);
  +            }
  +            l = ap_base64encode(tmp, optarg, strlen(optarg));
   	    tmp[l] = '\0';
   
   	    strncat(auth, "Authorization: Basic ", sizeof(auth)-strlen(auth)-1);
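Review bot: The length check added in the Authentication branch uses `>`, so an input for which ap_base64encode_len(strlen(optarg)) equals sizeof(tmp) is accepted, and the unchanged `tmp[l] = '\0';` that follows then stores at index l. If ap_base64encode returns a count that already includes its own terminating NUL, l can equal sizeof(tmp) and that store lands one byte past the end of tmp. Please confirm the return semantics, then either change the test to `>=` or drop the redundant `tmp[l] = '\0';`. Minor: the added lines are indented with spaces while the surrounding code uses tabs, and the ap_base64encode line is removed and re-added for whitespace only, which adds noise to the diff.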
  @@ -1606,6 +1611,10 @@
   	     */
   	    while (isspace((int)*optarg))
   		optarg++;
  +            if (ap_base64encode_len(strlen(optarg)) > sizeof(tmp)) {
  +                fprintf(stderr, "%s: Proxy credentials too long\n", argv[0]);
  +                exit(1);
  +            }
   	    l = ap_base64encode(tmp, optarg, strlen(optarg));
   	    tmp[l] = '\0';
   
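Review bot: The check added in the Proxy branch duplicates the Authentication one except for the message text, so a small helper that takes the label ("Authentication" or "Proxy") and performs the length test, fprintf and exit would keep the two paths in sync. The same boundary question applies here: with `>` the case ap_base64encode_len(strlen(optarg)) == sizeof(tmp) passes, and the following `tmp[l] = '\0';` may then write at tmp[sizeof(tmp)]. The added lines also use space indentation against tab-indented context.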
  
  
  
