httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c
Date Tue, 25 May 2004 12:09:01 GMT
jorton      2004/05/25 05:09:01

  Modified:    modules/ssl ssl_engine_kernel.c
  Log:
  * modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
  overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
  length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
  functions.
  
  Revision  Changes    Path
  1.106     +8 -7      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.105
  retrieving revision 1.106
  diff -d -u -r1.105 -r1.106
  --- ssl_engine_kernel.c	5 Mar 2004 02:44:40 -0000	1.105
  +++ ssl_engine_kernel.c	25 May 2004 12:09:01 -0000	1.106
  @@ -807,7 +807,6 @@
       SSLConnRec *sslconn = myConnConfig(r->connection);
       SSLSrvConfigRec *sc = mySrvConfig(r->server);
       SSLDirConfigRec *dc = myDirConfig(r);
  -    char buf1[MAX_STRING_LEN], buf2[MAX_STRING_LEN];
       char *clientdn;
       const char *auth_line, *username, *password;
   
  @@ -886,14 +885,16 @@
        * adding the string "xxj31ZMTZzkVA" as the password in the user file.
        * This is just the crypted variant of the word "password" ;-)
        */
  -    apr_snprintf(buf1, sizeof(buf1), "%s:password", clientdn);
  -    ssl_util_uuencode(buf2, buf1, FALSE);
  -
  -    apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2);
  -    apr_table_set(r->headers_in, "Authorization", buf1);
  +    auth_line = apr_pstrcat(r->pool, "Basic ", 
  +                            ap_pbase64encode(r->pool, 
  +                                             apr_pstrcat(r->pool, clientdn, 
  +                                                         ":password", NULL)),
  +                            NULL);
  +    apr_table_set(r->headers_in, "Authorization", auth_line);
   
       ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
  -                 "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
  +                 "Faking HTTP Basic Auth header: \"Authorization: %s\"",
  +                 auth_line);
   
       return DECLINED;
   }
  
  
  

Mime
View raw message