From: André Malo Date: Mon, 21 Jul 2003 11:41:01 +0000 (+0000) Subject: reject overlong credentials from the commandline X-Git-Tag: pre_ajp_proxy~1396 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6d5e39b8f77b96f2eb118350decf7d0d90fe826e;p=apache reject overlong credentials from the commandline Acked by: Cliff Woolley git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100718 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 00aba08b89..0124d822dd 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) ab: Overlong credentials given via command line no longer clobber + the buffer. [André Malo] + *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory containing the .htaccess file is requested without a trailing slash. PR 20195. [André Malo] diff --git a/support/ab.c b/support/ab.c index 059f4c2fc0..dd19510b0e 100644 --- a/support/ab.c +++ b/support/ab.c @@ -1793,14 +1793,14 @@ static void test(void) static void copyright(void) { if (!use_html) { - printf("This is ApacheBench, Version %s\n", AP_AB_BASEREVISION " <$Revision: 1.126 $> apache-2.0"); + printf("This is ApacheBench, Version %s\n", AP_AB_BASEREVISION " <$Revision: 1.127 $> apache-2.0"); printf("Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/\n"); printf("Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/\n"); printf("\n"); } else { printf("

\n"); - printf(" This is ApacheBench, Version %s <%s> apache-2.0
\n", AP_AB_BASEREVISION, "$Revision: 1.126 $"); + printf(" This is ApacheBench, Version %s <%s> apache-2.0
\n", AP_AB_BASEREVISION, "$Revision: 1.127 $"); printf(" Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
\n"); printf(" Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
\n"); printf("

\n

\n");
@@ -2086,6 +2086,9 @@ int main(int argc, const char * const argv[])
 */
 while (apr_isspace(*optarg))
 optarg++;
+ if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
+ err("Authentication credentials too long\n");
+ }
 l = apr_base64_encode(tmp, optarg, strlen(optarg));
 tmp[l] = '\0';
@@ -2098,6 +2101,9 @@ int main(int argc, const char * const argv[])
 */
 while (apr_isspace(*optarg))
 optarg++;
+ if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
+ err("Proxy credentials too long\n");
+ }
 l = apr_base64_encode(tmp, optarg, strlen(optarg));
 tmp[l] = '\0';
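Review bot: The added guard `apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)` still accepts an encoded length equal to `sizeof(tmp)`, while the unchanged `tmp[l] = '\0';` below it stores at index `l`. If `apr_base64_encode` returns a count that already includes its terminating NUL (as APR's implementation appears to), that store lands one byte past `tmp` in the boundary case; whether the case is reachable depends on `tmp`'s declared size, which is outside the hunk. Comparing with `>=` closes it regardless: `if (apr_base64_encode_len(strlen(optarg)) >= sizeof(tmp)) {`. The same applies to the proxy-credentials hunk at `@@ -2098`. Both checks also rely on `err()` not returning and on `tmp` being an array rather than a pointer, neither of which is visible here, so a short comment such as `/* err() does not return; tmp must be an array for sizeof */` would record the assumption.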