- use strncpy() instad strcpy() in htdigest: fix buffer overflow in htdigest.

author kloczek <kloczek@pld-linux.org>

Wed, 23 Apr 2003 06:01:36 +0000 (06:01 +0000)

committer cvs2git <feedback@pld-linux.org>

Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
author kloczek <kloczek@pld-linux.org>
Wed, 23 Apr 2003 06:01:36 +0000 (06:01 +0000)
committer cvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
diff --git a/apache-security_htdigest_bufferoverflow.patch b/apache-security_htdigest_bufferoverflow.patch

new file mode 100644 (file)

index 0000000..4e5c849
--- /dev/null
+++ b/apache-security_htdigest_bufferoverflow.patch
@@ -0,0 +1,13 @@
+--- apache_1.3.26/src/support/htdigest.c       2002-10-23 09:22:02.000000000 +0200
++++ apache_1.3.26/src/support/htdigest.c       2002-10-26 09:33:54.000000000 +0200
+@@ -255,8 +255,8 @@
+       fprintf(stderr, "Use -c option to create new one.\n");
+       exit(1);
+     }
+-    strcpy(user, argv[3]);
+-    strcpy(realm, argv[2]);
++    strncpy(user, argv[3], sizeof (user));
++    strncpy(realm, argv[2], sizeof (realm));
+ 
+     found = 0;
+     while (!(getline(line, MAX_STRING_LEN, f))) {
author	kloczek <kloczek@pld-linux.org>
	Wed, 23 Apr 2003 06:01:36 +0000 (06:01 +0000)
committer	cvs2git <feedback@pld-linux.org>
	Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)