On 10/18/2009 10:39 PM, s...@apache.org wrote: > Author: sf > Date: Sun Oct 18 20:39:05 2009 > New Revision: 826520 > > URL: http://svn.apache.org/viewvc?rev=826520&view=rev > Log: > Fix some more overflows spotted by Ruediger Pluem > > Modified: > httpd/httpd/trunk/support/htdigest.c > > Modified: httpd/httpd/trunk/support/htdigest.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?rev=826520&r1=826519&r2=826520&view=diff > ============================================================================== > --- httpd/httpd/trunk/support/htdigest.c (original) > +++ httpd/httpd/trunk/support/htdigest.c Sun Oct 18 20:39:05 2009 > @@ -124,7 +124,7 @@ > char *pw; > apr_md5_ctx_t context; > unsigned char digest[16]; > - char string[MAX_STRING_LEN]; > + char string[3 * MAX_STRING_LEN]; > char pwin[MAX_STRING_LEN]; > char pwv[MAX_STRING_LEN]; > unsigned int i; > @@ -188,8 +188,8 @@ > char *dirname; > char user[MAX_STRING_LEN]; > char realm[MAX_STRING_LEN]; > - char line[MAX_STRING_LEN]; > - char l[MAX_STRING_LEN]; > + char line[3 * MAX_STRING_LEN];
Why do you think that line should be also 3 * MAX_STRING_LEN? I guess currently it can be MAX_STRING_LEN at max because of line 256: while (!(get_line(line, MAX_STRING_LEN, f))) { But maybe this should be changed to while (!(get_line(line, 3 * MAX_STRING_LEN, f))) { as a password line could be up to 2 * MAX_STRING_LEN + length of MD5 hash in hex + 1. Regards RĂ¼diger