From: Rainer Jung Date: Fri, 26 Apr 2013 07:42:01 +0000 (+0000) Subject: htdigest: Fix buffer overflow when reading digest X-Git-Tag: 2.4.5~385 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c14c2269c3e2b63a2be8235b40f684ebbaabdd58;p=apache htdigest: Fix buffer overflow when reading digest password file with very long lines. PR 54893. Backport of r1475878 from trunk. Proposed/Backported by: rjung Reviewed by: humbedooh, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1476089 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 7110bd3ba4..7aa1f49a6d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.4.5 + *) htdigest: Fix buffer overflow when reading digest password file + with very long lines. PR 54893. [Rainer Jung] + *) ap_expr: Add the ability to base64 encode and base64 decode strings and to generate their SHA1 hash. [Graham Leggett] diff --git a/STATUS b/STATUS index 37848d55d7..ab090fe984 100644 --- a/STATUS +++ b/STATUS @@ -95,12 +95,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: 2.4.x patch: trunk patches work +1: sf, humbedooh, covener - * htdigest: Fix buffer overflow when reading digest - password file with very long lines. PR 54893. - trunk patches: https://svn.apache.org/r1475878 - 2.4.x patch: trunk patches work - +1: rjung, humbedooh, covener - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/support/htdigest.c b/support/htdigest.c index a8b464aedd..f76036d7a5 100644 --- a/support/htdigest.c +++ b/support/htdigest.c @@ -96,12 +96,15 @@ static int get_line(char *s, int n, apr_file_t *f) char ch; apr_status_t rv = APR_EINVAL; - while (i < (n - 1) && + /* we need 2 remaining bytes in buffer */ + while (i < (n - 2) && ((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) { s[i++] = ch; } + /* First remaining byte potentially used here */ if (ch == '\n') s[i++] = ch; + /* Second remaining byte used here */ s[i] = '\0'; if (rv != APR_SUCCESS)