author | Rainer Jung <rjung@apache.org> | 2013-04-25 18:02:48 +0000 |
---|---|---|
committer | Rainer Jung <rjung@apache.org> | 2013-04-25 18:02:48 +0000 |
commit | e6a4c072419671c81e51360178f6d0693d1dcfa2 (patch) | |
tree | baf5feb7e296101feb5cb908b92afc4d998921e4 /support/htdigest.c | |
parent | f95173ab3c4a99f0a6017770288e37c58b10bace (diff) | |
htdigest: Fix buffer overflow when reading digest
password file with very long lines.
PR 54893.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1475878 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'support/htdigest.c')
-rw-r--r-- | support/htdigest.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/support/htdigest.c b/support/htdigest.c
index a8b464aedd..f76036d7a5 100644
--- a/support/htdigest.c
+++ b/support/htdigest.c
@@ -96,12 +96,15 @@ static int get_line(char *s, int n, apr_file_t *f)
 char ch;
 apr_status_t rv = APR_EINVAL;
- while (i < (n - 1) &&
+ /* we need 2 remaining bytes in buffer */
+ while (i < (n - 2) &&
 ((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
 s[i++] = ch;
 }
+ /* First remaining byte potentially used here */
 if (ch == '\n')
 s[i++] = ch;
+ /* Second remaining byte used here */
 s[i] = '\0';
 if (rv != APR_SUCCESS) |
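Review bot: `ch` is still declared without an initializer (`char ch;`) but is tested in `if (ch == '\n')` after the loop, so whenever the loop body never runs (n <= 2, or the first `apr_file_getc()` fails, as it presumably does at end of file) that test reads an indeterminate value and may store a stray newline. Initialising it, `char ch = '\0';`, or guarding the test as `if (rv == APR_SUCCESS && ch == '\n')`, removes the dependency on stack contents. Separately, the `n - 2` bound stops the overflow, but a line longer than the buffer is still split silently and the remainder will presumably come back from the next call as if it were a separate record. A comment on get_line stating that contract, or a distinct return value for truncation, would let callers that parse the password-file entries reject overlong lines instead of matching on a fragment. The start of get_line (including the declaration of `i`) and its return statements lie outside the hunk.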