ntop-http_c.patch

   1 revision 1.3
   2 date: 2009/10/10 06:09:31;  author: rakesh;  state: Exp;  lines: +11 -9
   3 Patch7: ntop-http_c_user.patch for #518264 (CVE-2009-2732)
   4 ----------------------------
   5 revision 1.2
   6 date: 2009/08/05 15:25:07;  author: rakesh;  state: dead;  lines: +0 -0
   7
   8  - Updated to 3.3.10, updated geoip patch
   9  - lua_wget patch to prevent wget lua
  10  - removed ntop-http_c.patch
  11 ----------------------------
  12 revision 1.1
  13 date: 2009/03/17 08:28:30;  author: rakesh;  state: Exp;
  14 Fixed world-writable access log (#490561)
  15
  16 --- ntop-3.3.10.org/http.c      2009-09-13 14:23:48.895204786 +0530
  17 +++ ntop-3.3.10/http.c  2009-09-13 14:45:35.603204376 +0530
  18 @@ -3439,6 +3439,9 @@
  19      strncpy(thePw, &outBuffer[i+1], thePwLen-1)[thePwLen-1] = '\0';
  20    }
  21
  22 +  if(user == NULL)
  23 +    user = "";
  24 +
  25    if(strlen(user) >= sizeof(theHttpUser)) user[sizeof(theHttpUser)-1] = '\0';
  26    strcpy(theHttpUser, user);
  27