authorRainer Jung <rjung@apache.org>2013-04-25 18:02:48 +0000
committerRainer Jung <rjung@apache.org>2013-04-25 18:02:48 +0000
commite6a4c072419671c81e51360178f6d0693d1dcfa2 (patch)
treebaf5feb7e296101feb5cb908b92afc4d998921e4 /support/htdigest.c
parentf95173ab3c4a99f0a6017770288e37c58b10bace (diff)
htdigest: Fix buffer overflow when reading digest
password file with very long lines. PR 54893. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1475878 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'support/htdigest.c')
-rw-r--r--support/htdigest.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/support/htdigest.c b/support/htdigest.c
index a8b464aedd..f76036d7a5 100644
--- a/support/htdigest.c
+++ b/support/htdigest.c
@@ -96,12 +96,15 @@ static int get_line(char *s, int n, apr_file_t *f)
char ch;
apr_status_t rv = APR_EINVAL;
- while (i < (n - 1) &&
+ /* we need 2 remaining bytes in buffer */
+ while (i < (n - 2) &&
((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
s[i++] = ch;
}
+ /* First remaining byte potentially used here */
if (ch == '\n')
s[i++] = ch;
+ /* Second remaining byte used here */
s[i] = '\0';
if (rv != APR_SUCCESS)
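Review bot: `ch` is still declared without an initializer at the top of the hunk, so when the loop never completes a successful read (the first `apr_file_getc` fails, or `n` is 2 or less) the test `if (ch == '\n')` may read an indeterminate value, unless `apr_file_getc` writes `ch` on failure, and can store a stray newline before the terminator. Initialising it with `char ch = '\0';` makes that path deterministic and keeps the "two remaining bytes" accounting in the new comments true for small `n` as well. A line longer than the buffer is also split silently, with its tail returned as the next line; whether that can be misread as a separate record depends on the callers, which are not visible here. get_line's body starts before and ends after this hunk.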