htdigest: Fix buffer overflow when reading digest

author Rainer Jung <rjung@apache.org>

Thu, 25 Apr 2013 18:02:48 +0000 (18:02 +0000)

committer Rainer Jung <rjung@apache.org>

Thu, 25 Apr 2013 18:02:48 +0000 (18:02 +0000)
author Rainer Jung <rjung@apache.org>
Thu, 25 Apr 2013 18:02:48 +0000 (18:02 +0000)
committer Rainer Jung <rjung@apache.org>
Thu, 25 Apr 2013 18:02:48 +0000 (18:02 +0000)
diff --git a/CHANGES b/CHANGES

index deca4432f0917678952224dd3a369cb153e20aaf..802385cafe6687dbf08f0be1a8853f3135bde089 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.5.0
  
+  *) htdigest: Fix buffer overflow when reading digest password file
+     with very long lines. PR 54893. [Rainer Jung]
+
    *) mod_setenvif: Fix crash in case SetEnvif and SetEnvIfExpr are used
       together. PR 54881. [Ruediger Pluem]
  
diff --git a/support/htdigest.c b/support/htdigest.c

index a8b464aedda3ca1ed6889de4fc18eda9621af640..f76036d7a5bd34e3e583d0f8e6027d2e7fe64482 100644 (file)
--- a/support/htdigest.c
+++ b/support/htdigest.c
@@ -96,12 +96,15 @@ static int get_line(char *s, int n, apr_file_t *f)
      char ch;
      apr_status_t rv = APR_EINVAL;
  
-    while (i < (n - 1) &&
+    /* we need 2 remaining bytes in buffer */
+    while (i < (n - 2) &&
             ((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
          s[i++] = ch;
      }
+    /* First remaining byte potentially used here */
      if (ch == '\n')
          s[i++] = ch;
+    /* Second remaining byte used here */
      s[i] = '\0';
  
      if (rv != APR_SUCCESS)
author	Rainer Jung <rjung@apache.org>
	Thu, 25 Apr 2013 18:02:48 +0000 (18:02 +0000)
committer	Rainer Jung <rjung@apache.org>
	Thu, 25 Apr 2013 18:02:48 +0000 (18:02 +0000)
CHANGES		patch \| blob \| history
support/htdigest.c		patch \| blob \| history