Return-Path: Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 20725 invoked by uid 500); 31 Jul 2003 20:23:11 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 20691 invoked by uid 500); 31 Jul 2003 20:23:11 -0000 Delivered-To: apmail-httpd-2.0-cvs@apache.org Date: 31 Jul 2003 20:23:21 -0000 Message-ID: <20030731202321.25436.qmail@minotaur.apache.org> From: nd@apache.org To: httpd-2.0-cvs@apache.org Subject: cvs commit: httpd-2.0/support ab.c X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N nd 2003/07/31 13:23:21 Modified: . Tag: APACHE_2_0_BRANCH CHANGES STATUS support Tag: APACHE_2_0_BRANCH ab.c Log: reject overlong credentials from command line Reviewed by: Justin Erenkrantz, Jeff Trawick Revision Changes Path No revision No revision 1.988.2.143 +3 -0 httpd-2.0/CHANGES Index: CHANGES =================================================================== RCS file: /home/cvs/httpd-2.0/CHANGES,v retrieving revision 1.988.2.142 retrieving revision 1.988.2.143 diff -u -r1.988.2.142 -r1.988.2.143 --- CHANGES 28 Jul 2003 02:05:56 -0000 1.988.2.142 +++ CHANGES 31 Jul 2003 20:23:20 -0000 1.988.2.143 @@ -1,5 +1,8 @@ Changes with Apache 2.0.48 + *) ab: Overlong credentials given via command line no longer clobber + the buffer. [Andr� Malo] + *) mod_deflate: Don't attempt to hold all of the response until we're done. [Justin Erenkrantz] 1.751.2.405 +1 -5 httpd-2.0/STATUS Index: STATUS =================================================================== RCS file: /home/cvs/httpd-2.0/STATUS,v retrieving revision 1.751.2.404 retrieving revision 1.751.2.405 diff -u -r1.751.2.404 -r1.751.2.405 --- STATUS 30 Jul 2003 20:33:55 -0000 1.751.2.404 +++ STATUS 31 Jul 2003 20:23:20 -0000 1.751.2.405 
@@ -266,10 +266,6 @@ nd replies: of course ..., 1.168 does. +1: nd, jerenkrantz, trawick - * ab: reject overlong credentials from command line (2.0 + 1.3) - support/ab.c: r1.127 - +1: nd, jerenkrantz, trawick - * ab: Handle conditions where connect() on non-blocking socket doesn't complete immediately (i.e., restore functionality when benchmarking non-local targets). This doesn't resolve some No revision No revision 1.121.2.3 +8 -2 httpd-2.0/support/ab.c Index: ab.c =================================================================== RCS file: /home/cvs/httpd-2.0/support/ab.c,v retrieving revision 1.121.2.2 retrieving revision 1.121.2.3 diff -u -r1.121.2.2 -r1.121.2.3 --- ab.c 12 Jul 2003 12:44:11 -0000 1.121.2.2 +++ ab.c 31 Jul 2003 20:23:21 -0000 1.121.2.3 @@ -2070,6 +2070,9 @@ */ while (apr_isspace(*optarg)) optarg++; + if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) { + err("Authentication credentials too long\n"); + } l = apr_base64_encode(tmp, optarg, strlen(optarg)); tmp[l] = '\0'; @@ -2082,6 +2085,9 @@ */ while (apr_isspace(*optarg)) optarg++; + if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) { + err("Proxy credentials too long\n"); + } l = apr_base64_encode(tmp, optarg, strlen(optarg)); tmp[l] = '\0';
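Review bot: In the ab.c hunk at @@ -2070, the new bound is compared with `>`, so an encoded length exactly equal to `sizeof(tmp)` is accepted, while the unchanged `tmp[l] = '\0';` that follows is only in bounds when `l` is strictly less than `sizeof(tmp)`. If the value returned by `apr_base64_encode` can reach the value that `apr_base64_encode_len` reports, that store lands one byte past the array. Comparing with `>=`, or checking `l` before the store, would make the guard cover the explicit terminator as well as the encode.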
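Review bot: In the ab.c hunk at @@ -2082, the proxy-credential guard protects `tmp` only if `err()` never returns, because `apr_base64_encode(tmp, optarg, strlen(optarg))` still runs unconditionally on the next line. A one-line comment stating that `err()` terminates, or an explicit exit after the call, would keep a later change to `err()` from silently reopening the overflow. The three added lines are also a copy of the check in the @@ -2070 hunk apart from the message text, so a small helper that takes the message would keep the two paths from drifting apart.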