Forward port a fix for a pair of potential buffer overflows in htdigest from 1.3

author Thom May <thommay@apache.org>

Thu, 1 May 2003 13:45:38 +0000 (13:45 +0000)

committer Thom May <thommay@apache.org>

Thu, 1 May 2003 13:45:38 +0000 (13:45 +0000)
author Thom May <thommay@apache.org>
Thu, 1 May 2003 13:45:38 +0000 (13:45 +0000)
committer Thom May <thommay@apache.org>
Thu, 1 May 2003 13:45:38 +0000 (13:45 +0000)
diff --git a/CHANGES b/CHANGES

index 153122d2175415647917b438936132403e7658d5..5dd4de5e6ba24bfe98c97cd1ead83b0a0ede6448 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,8 @@ Changes with Apache 2.1.0-dev
  
    [Remove entries to the current 2.0 section below, when backported]
  
+  *) forward port of buffer overflow fixes for htdigest. [Thom May]
+
    *) prefork MPM: Use the right permissions for the directory created 
       for gprof support.  [Jim Carlson <jcarlson@jnous.com>]
  
diff --git a/support/htdigest.c b/support/htdigest.c

index ece9173d6dae30e3ef4d6bb7c0617afcc3c43a65..79d71714007c53ebf7e789dfb0169f3aee6a715f 100644 (file)
--- a/support/htdigest.c
+++ b/support/htdigest.c
@@ -307,8 +307,8 @@ int main(int argc, const char * const argv[])
         fprintf(stderr, "Use -c option to create new one.\n");
         cleanup_tempfile_and_exit(1);
      }
-    strcpy(user, argv[3]);
-    strcpy(realm, argv[2]);
+    apr_cpystrn(user, argv[3], sizeof(user));
+    apr_cpystrn(realm, argv[2], sizeof(realm));
  
      found = 0;
      while (!(get_line(line, MAX_STRING_LEN, f))) {
author	Thom May <thommay@apache.org>
	Thu, 1 May 2003 13:45:38 +0000 (13:45 +0000)
committer	Thom May <thommay@apache.org>
	Thu, 1 May 2003 13:45:38 +0000 (13:45 +0000)
CHANGES		patch \| blob \| history
support/htdigest.c		patch \| blob \| history