httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r826520 - /httpd/httpd/trunk/support/htdigest.c
Date Sun, 18 Oct 2009 21:02:40 GMT


On 10/18/2009 10:39 PM, sf@apache.org wrote:
> Author: sf
> Date: Sun Oct 18 20:39:05 2009
> New Revision: 826520
> 
> URL: http://svn.apache.org/viewvc?rev=826520&view=rev
> Log:
> Fix some more overflows spotted by Ruediger Pluem
> 
> Modified:
>     httpd/httpd/trunk/support/htdigest.c
> 
> Modified: httpd/httpd/trunk/support/htdigest.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?rev=826520&r1=826519&r2=826520&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/support/htdigest.c (original)
> +++ httpd/httpd/trunk/support/htdigest.c Sun Oct 18 20:39:05 2009
> @@ -124,7 +124,7 @@
>      char *pw;
>      apr_md5_ctx_t context;
>      unsigned char digest[16];
> -    char string[MAX_STRING_LEN];
> +    char string[3 * MAX_STRING_LEN];
>      char pwin[MAX_STRING_LEN];
>      char pwv[MAX_STRING_LEN];
>      unsigned int i;
> @@ -188,8 +188,8 @@
>      char *dirname;
>      char user[MAX_STRING_LEN];
>      char realm[MAX_STRING_LEN];
> -    char line[MAX_STRING_LEN];
> -    char l[MAX_STRING_LEN];
> +    char line[3 * MAX_STRING_LEN];

Why do you think that line should be also 3 * MAX_STRING_LEN?
I guess currently it can be MAX_STRING_LEN at max because of line
256:

    while (!(get_line(line, MAX_STRING_LEN, f))) {

But maybe this should be changed to

while (!(get_line(line, 3 * MAX_STRING_LEN, f))) {

as a password line could be up to 2 * MAX_STRING_LEN + length of MD5 hash in hex + 1.


Regards

RĂ¼diger

Mime
View raw message