htdigest: Fix buffer overflow when reading digest
authorRainer Jung <rjung@apache.org>
Fri, 26 Apr 2013 14:58:20 +0000 (14:58 +0000)
committerRainer Jung <rjung@apache.org>
Fri, 26 Apr 2013 14:58:20 +0000 (14:58 +0000)
password file with very long lines.

PR 54893.

Backport of r1475878 from trunk resp.
r1476089 from 2.4.x.

Proposed/Backported by: rjung
Reviewed by: humbedooh, rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1476242 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
support/htdigest.c

diff --git a/CHANGES b/CHANGES
index 0eaca3a73c7116bc56f85e867b12ada8269ab0ac..910d9cd2d61b528d465a39da2702b6d06651cc15 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.25
 
+  *) htdigest: Fix buffer overflow when reading digest password file
+     with very long lines. PR 54893. [Rainer Jung]
 
 
 Changes with Apache 2.2.24
diff --git a/STATUS b/STATUS
index 826a3617777ce3a27e74a56c724d0636d37dc678..a3d81e00c799b114b911754d3cbb8965ea4fdab5 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -109,12 +109,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
     2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch
     +1: wrowe, druggeri, kbrand
 
-  * htdigest: Fix buffer overflow when reading digest
-    password file with very long lines. PR 54893.
-    trunk patch: https://svn.apache.org/r1475878
-    2.4.x patch: https://svn.apache.org/r1476089.
-    2.2.x patch: trunk and 2.4.x patch work
-    +1: rjung, humbedooh, rpluem
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
index 6a0e26f123f95feb5edc7addb41999e1ec69b494..2fbdb4de215efddf3f066e860dd1fa627951c6b8 100644 (file)
@@ -96,12 +96,15 @@ static int get_line(char *s, int n, apr_file_t *f)
     char ch;
     apr_status_t rv = APR_EINVAL;
 
-    while (i < (n - 1) &&
+    /* we need 2 remaining bytes in buffer */
+    while (i < (n - 2) &&
            ((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
         s[i++] = ch;
     }
+    /* First remaining byte potentially used here */
     if (ch == '\n')
         s[i++] = ch;
+    /* Second remaining byte used here */
     s[i] = '\0';
 
     if (rv != APR_SUCCESS)
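Review bot: `ch` is declared without an initializer at the top of this hunk, yet `if (ch == '\n')` after the loop reads it even when the loop never assigned it: when `n` is 2 or less, or when the first `apr_file_getc` call fails (for example EOF on an empty file) and, as seems likely, leaves `ch` unwritten. An indeterminate `ch` that happens to compare equal to '\n' stores a byte that was never read, and with `n` of 1 the following `s[i] = '\0'` would land one past the buffer that the new `n - 2` bound is meant to protect. Guarding the test as `if (rv == APR_SUCCESS && ch == '\n')` covers both cases, since `rv` starts as `APR_EINVAL`; initialising with `char ch = '\0';` also works. get_line begins and continues outside this hunk, so the declaration of `i` and the buffer sizes the callers pass are not visible here.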