On 10/18/2009 10:39 PM, s...@apache.org wrote:
> Author: sf
> Date: Sun Oct 18 20:39:05 2009
> New Revision: 826520
>
> URL: http://svn.apache.org/viewvc?rev=826520&view=rev
> Log:
> Fix some more overflows spotted by Ruediger Pluem
>
> Modified:
> httpd/httpd/trunk/support/htdigest.c
>
> Modified: httpd/httpd/trunk/support/htdigest.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?rev=826520&r1=826519&r2=826520&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/support/htdigest.c (original)
> +++ httpd/httpd/trunk/support/htdigest.c Sun Oct 18 20:39:05 2009
> @@ -124,7 +124,7 @@
> char *pw;
> apr_md5_ctx_t context;
> unsigned char digest[16];
> - char string[MAX_STRING_LEN];
> + char string[3 * MAX_STRING_LEN];
> char pwin[MAX_STRING_LEN];
> char pwv[MAX_STRING_LEN];
> unsigned int i;
> @@ -188,8 +188,8 @@
> char *dirname;
> char user[MAX_STRING_LEN];
> char realm[MAX_STRING_LEN];
> - char line[MAX_STRING_LEN];
> - char l[MAX_STRING_LEN];
> + char line[3 * MAX_STRING_LEN];
Why do you think that line should be also 3 * MAX_STRING_LEN?
I guess currently it can be MAX_STRING_LEN at max because of line
256:
while (!(get_line(line, MAX_STRING_LEN, f))) {
But maybe this should be changed to
while (!(get_line(line, 3 * MAX_STRING_LEN, f))) {
as a password line could be up to 2 * MAX_STRING_LEN + length of MD5 hash in
hex + 1.
Regards
RĂ¼diger
