[packages/ntop.git] / ntop-http_c.patch

revision 1.3
date: 2009/10/10 06:09:31;  author: rakesh;  state: Exp;  lines: +11 -9
Patch7: ntop-http_c_user.patch for #518264 (CVE-2009-2732)
----------------------------
revision 1.2
date: 2009/08/05 15:25:07;  author: rakesh;  state: dead;  lines: +0 -0

 - Updated to 3.3.10, updated geoip patch
 - lua_wget patch to prevent wget lua
 - removed ntop-http_c.patch
----------------------------
revision 1.1
date: 2009/03/17 08:28:30;  author: rakesh;  state: Exp;
Fixed world-writable access log (#490561)

--- ntop-3.3.10.org/http.c	2009-09-13 14:23:48.895204786 +0530
+++ ntop-3.3.10/http.c	2009-09-13 14:45:35.603204376 +0530
@@ -3439,6 +3439,9 @@
     strncpy(thePw, &outBuffer[i+1], thePwLen-1)[thePwLen-1] = '\0';
   }
 
+  if(user == NULL)
+    user = "";
+
   if(strlen(user) >= sizeof(theHttpUser)) user[sizeof(theHttpUser)-1] = '\0';
   strcpy(theHttpUser, user);
Commit	Line	Data
8db4b37a ER	1	revision 1.3
	2	date: 2009/10/10 06:09:31; author: rakesh; state: Exp; lines: +11 -9
	3	Patch7: ntop-http_c_user.patch for #518264 (CVE-2009-2732)
	4	----------------------------
	5	revision 1.2
	6	date: 2009/08/05 15:25:07; author: rakesh; state: dead; lines: +0 -0
	7
	8	- Updated to 3.3.10, updated geoip patch
	9	- lua_wget patch to prevent wget lua
	10	- removed ntop-http_c.patch
	11	----------------------------
	12	revision 1.1
	13	date: 2009/03/17 08:28:30; author: rakesh; state: Exp;
	14	Fixed world-writable access log (#490561)
	15
	16	--- ntop-3.3.10.org/http.c 2009-09-13 14:23:48.895204786 +0530
	17	+++ ntop-3.3.10/http.c 2009-09-13 14:45:35.603204376 +0530
	18	@@ -3439,6 +3439,9 @@
	19	strncpy(thePw, &outBuffer[i+1], thePwLen-1)[thePwLen-1] = '\0';
	20	}
	21
	22	+ if(user == NULL)
	23	+ user = "";
	24	+
	25	if(strlen(user) >= sizeof(theHttpUser)) user[sizeof(theHttpUser)-1] = '\0';
	26	strcpy(theHttpUser, user);
	27