password file with very long lines.
PR 54893.
Backport of r1475878 from trunk.
Proposed/Backported by: rjung
Reviewed by: humbedooh, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1476089 13f79535-47bb-0310-9956-
ffa450edef68
Changes with Apache 2.4.5
+ *) htdigest: Fix buffer overflow when reading digest password file
+ with very long lines. PR 54893. [Rainer Jung]
+
*) ap_expr: Add the ability to base64 encode and base64 decode
strings and to generate their SHA1 hash. [Graham Leggett]
2.4.x patch: trunk patches work
+1: sf, humbedooh, covener
- * htdigest: Fix buffer overflow when reading digest
- password file with very long lines. PR 54893.
- trunk patches: https://svn.apache.org/r1475878
- 2.4.x patch: trunk patches work
- +1: rjung, humbedooh, covener
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
char ch;
apr_status_t rv = APR_EINVAL;
- while (i < (n - 1) &&
+ /* we need 2 remaining bytes in buffer */
+ while (i < (n - 2) &&
((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
s[i++] = ch;
}
+ /* First remaining byte potentially used here */
if (ch == '\n')
s[i++] = ch;
+ /* Second remaining byte used here */
s[i] = '\0';
if (rv != APR_SUCCESS)
projects / apache / commitdiff