mod_proxy_ajp: Avoid delivering content from a previous request which
failed to send a request body. PR 46949 [Ruediger Pluem]
+ *) htdbm: Fix possible buffer overflow if dbm database has very
+ long values. PR 30586 [Dan Poirier]
+
*) core: Return APR_EOF if request body is shorter than the length announced
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
static apr_status_t htdbm_verify(htdbm_t *htdbm)
{
apr_datum_t key, val;
- char pwd[MAX_STRING_LEN] = {0};
+ char *pwd;
char *rec, *cmnt;
key.dptr = htdbm->username;
rec = apr_pstrndup(htdbm->pool, val.dptr, val.dsize);
cmnt = strchr(rec, ':');
if (cmnt)
- strncpy(pwd, rec, cmnt - rec);
+ pwd = apr_pstrndup(htdbm->pool, rec, cmnt - rec);
else
- strcpy(pwd, rec);
+ pwd = apr_pstrdup(htdbm->pool, rec);
return apr_password_validate(htdbm->userpass, pwd);
}
apr_status_t rv;
apr_datum_t key, val;
char *rec, *cmnt;
- char kb[MAX_STRING_LEN];
+ char *kb;
int i = 0;
rv = apr_dbm_firstkey(htdbm->dbm, &key);
fprintf(stderr, "Empty database -- %s\n", htdbm->filename);
return APR_ENOENT;
}
- rec = apr_pcalloc(htdbm->pool, HUGE_STRING_LEN);
-
fprintf(stderr, "Dumping records from database -- %s\n", htdbm->filename);
fprintf(stderr, " %-32sComment\n", "Username");
while (key.dptr != NULL) {
fprintf(stderr, "Failed getting data from %s\n", htdbm->filename);
return APR_EGENERAL;
}
- strncpy(kb, key.dptr, key.dsize);
- kb[key.dsize] = '\0';
+ kb = apr_pstrndup(htdbm->pool, key.dptr, key.dsize);
fprintf(stderr, " %-32s", kb);
- strncpy(rec, val.dptr, val.dsize);
- rec[val.dsize] = '\0';
+ rec = apr_pstrndup(htdbm->pool, val.dptr, val.dsize);
cmnt = strchr(rec, ':');
if (cmnt)
fprintf(stderr, "%s", cmnt + 1);
projects / apache / commitdiff