From: Stefan Fritsch Date: Sun, 18 Oct 2009 19:35:42 +0000 (+0000) Subject: htdigest: Fix possible overflow in command line processing. htdigest is not X-Git-Tag: 2.3.3~157 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cb80694fcc8d7d377eaa14608b3d868fd1d5980e;p=apache htdigest: Fix possible overflow in command line processing. htdigest is not supposed to be suid save, therefore not treated as a security issue. CVE-2005-1344 Submitted by: Adam Conrad Reviewed by: Stefan Fritsch git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@826506 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/support/htdigest.c b/support/htdigest.c
index 4f99d3eb71..ad69223b33 100644
--- a/support/htdigest.c
+++ b/support/htdigest.c
@@ -222,9 +222,11 @@ int main(int argc, const char * const argv[])
 apr_strerror(rv, errmsg, sizeof errmsg));
 exit(1);
 }
+ apr_cpystrn(user, argv[4], sizeof(user));
+ apr_cpystrn(realm, argv[3], sizeof(realm));
 apr_file_printf(errfile, "Adding password for %s in realm %s.\n",
- argv[4], argv[3]);
- add_password(argv[4], argv[3], f);
+ user, realm);
+ add_password(user, realm, f);
 apr_file_close(f);
 exit(0);
 }
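Review bot: The two added `apr_cpystrn()` calls silently truncate an over-long user or realm argument, so the entry is written under a name different from the one the operator typed, and it could coincide with another account's name. An explicit length check that fails closed would be safer than truncating, e.g. `if (strlen(argv[4]) >= sizeof(user) || strlen(argv[3]) >= sizeof(realm)) { /* report "user or realm too long" on errfile and exit(1) */ }`. This check should ideally run before the password file is opened, which appears to happen above this hunk. The bound also relies on `user` and `realm` being arrays rather than pointers, because `sizeof` yields the buffer size only for arrays; their declarations are outside the hunk, so this is worth confirming. A short comment such as `/* copy into fixed-size buffers: add_password() must not see unbounded argv strings */` would record why the copies exist.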