htdigest: Fix possible overflow in command line processing. htdigest is not
authorStefan Fritsch <sf@apache.org>
Sun, 18 Oct 2009 19:35:42 +0000 (19:35 +0000)
committerStefan Fritsch <sf@apache.org>
Sun, 18 Oct 2009 19:35:42 +0000 (19:35 +0000)
supposed to be suid safe, therefore not treated as a security issue.

CVE-2005-1344
Submitted by: Adam Conrad
Reviewed by: Stefan Fritsch

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@826506 13f79535-47bb-0310-9956-ffa450edef68

support/htdigest.c

index 4f99d3eb71ebd88ea9d7627d011c83e66f8c2a9d..ad69223b33ad87c40045bdac9b918a7cbbcfa57e 100644 (file)
@@ -222,9 +222,11 @@ int main(int argc, const char * const argv[])
                     apr_strerror(rv, errmsg, sizeof errmsg));
             exit(1);
         }
+       apr_cpystrn(user, argv[4], sizeof(user));
+       apr_cpystrn(realm, argv[3], sizeof(realm));
         apr_file_printf(errfile, "Adding password for %s in realm %s.\n",
-                    argv[4], argv[3]);
-        add_password(argv[4], argv[3], f);
+                    user, realm);
+        add_password(user, realm, f);
         apr_file_close(f);
         exit(0);
     }
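Review bot: The two added `apr_cpystrn` calls truncate silently, so an over-long user name or realm is shortened to fit the buffer and then passed to the "Adding password" message and to `add_password` as if it were what the operator typed. The resulting entry would be stored under a name or realm that differs from the command line, which is hard to notice afterwards. It would be safer to reject such arguments before copying, for example `if (strlen(argv[4]) >= sizeof(user) || strlen(argv[3]) >= sizeof(realm)) { apr_file_printf(errfile, "user or realm too long\n"); exit(1); }`, ideally before the file is opened. The declarations of `user` and `realm` and the rest of `main` are outside the hunk, so this assumes they are fixed-size arrays, as the `sizeof` arguments suggest.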