On Sunday 18 October 2009, Ruediger Pluem wrote: > Don't we still have an overflow? If argv[3] and argv[4] are of size > MAX_STRING_LEN (which is sizeof(user) and sizeof(realm) we still > have a > > sprintf(string, "%s:%s:%s", user, realm, pw); > > in line 147 with string, user, realm and pw all of size > MAX_STRING_LEN. I guess string should be char[3 * MAX_STRING_LEN] > instead of char[MAX_STRING_LEN]. > Good catch. Fixed in r826520.
- Re: svn commit: r826506 - /httpd/httpd/trunk/support/htdige... Ruediger Pluem
- Re: svn commit: r826506 - /httpd/httpd/trunk/support/h... Stefan Fritsch
