diff options
| author | Stefan Fritsch <sf@apache.org> | 2009-10-18 19:35:42 +0000 |
|---|---|---|
| committer | Stefan Fritsch <sf@apache.org> | 2009-10-18 19:35:42 +0000 |
| commit | cb80694fcc8d7d377eaa14608b3d868fd1d5980e (patch) | |
| tree | c0dfa8097846d0229ce0d728735a19676b0bb1c8 /support/htdigest.c | |
| parent | 97944da68c7df26fa5da4a91a1559cb27edf4e8c (diff) | |
| download | httpd-cb80694fcc8d7d377eaa14608b3d868fd1d5980e.tar.gz | |
htdigest: Fix possible overflow in command line processing. htdigest is not
supposed to be suid save, therefore not treated as a security issue.
CVE-2005-1344
Submitted by: Adam Conrad
Reviewed by: Stefan Fritsch
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@826506 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'support/htdigest.c')
| -rw-r--r-- | support/htdigest.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/support/htdigest.c b/support/htdigest.c index 4f99d3eb71..ad69223b33 100644 --- a/support/htdigest.c +++ b/support/htdigest.c @@ -222,9 +222,11 @@ int main(int argc, const char * const argv[]) apr_strerror(rv, errmsg, sizeof errmsg)); exit(1); } + apr_cpystrn(user, argv[4], sizeof(user)); + apr_cpystrn(realm, argv[3], sizeof(realm)); apr_file_printf(errfile, "Adding password for %s in realm %s.\n", - argv[4], argv[3]); - add_password(argv[4], argv[3], f); + user, realm); + add_password(user, realm, f); apr_file_close(f); exit(0); } |