Commit 64addc45 authored by Rainer Jung

htdigest: Fix buffer overflow when reading digest

password file with very long lines.

PR 54893.

Backport of r1475878 from trunk resp.
r1476089 from 2.4.x.

Proposed/Backported by: rjung
Reviewed by: humbedooh, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1476242 13f79535-47bb-0310-9956-ffa450edef68
parent 516ce3cb
+2 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.2.25

  *) htdigest: Fix buffer overflow when reading digest password file
     with very long lines. PR 54893. [Rainer Jung]


Changes with Apache 2.2.24
+0 −6
@@ -109,12 +109,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
    2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch
    +1: wrowe, druggeri, kbrand

  * htdigest: Fix buffer overflow when reading digest
    password file with very long lines. PR 54893.
    trunk patch: https://svn.apache.org/r1475878
    2.4.x patch: https://svn.apache.org/r1476089.
    2.2.x patch: trunk and 2.4.x patch work
    +1: rjung, humbedooh, rpluem

PATCHES PROPOSED TO BACKPORT FROM TRUNK:
  [ New proposals should be added at the end of the list ]
+4 −1
@@ -96,12 +96,15 @@ static int get_line(char *s, int n, apr_file_t *f)
    char ch;
    apr_status_t rv = APR_EINVAL;

    while (i < (n - 1) &&
    /* we need 2 remaining bytes in buffer */
    while (i < (n - 2) &&
           ((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
        s[i++] = ch;
    }
    /* First remaining byte potentially used here */
    if (ch == '\n')
        s[i++] = ch;
    /* Second remaining byte used here */
    s[i] = '\0';

    if (rv != APR_SUCCESS)
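Review bot: `ch` is declared without an initializer (`char ch;`) yet is tested in `if (ch == '\n')` after the loop, so that test can read an indeterminate value whenever the loop body never assigns it. This happens when `n` is 2 or less, so `i < (n - 2)` is already false on entry, or when the first `apr_file_getc` call fails without storing a byte. In those cases the "first remaining byte" may be consumed by a newline that was never read from the file. Suggest initializing `ch` at its declaration, for example to `'\0'`. Separately, once `i` reaches `n - 2` the rest of an over-long line stays in the file and will come back from the next call as if it were a new line. A comment stating this, or a way for the caller to detect truncation, would make the behaviour explicit.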