Fix a pair of potential buffer overflows in htdigest

Obtained from: Martin Schulze <joey@infodrom.org>
Reviewed by: William Rowe, Sander Striker, David Reid

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@99659 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/src/CHANGES b/src/CHANGES
index da3de85d8f90a95a01f30e3622d8d3ab8988a124..9de8a2acfe45a156e131f6223ffded159529213b 100644 (file)
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,4 +1,7 @@
 Changes with Apache 1.3.28
+  
+  *) Fix a pair of potential buffer overflows in htdigest
+     [Martin Schulze <joey@infodrom.org>, Thom May]
 
   *) A newly created child now has a start_time of 0, to prevent
      mod_status from displaying a bogus value for the "time to

diff --git a/src/support/htdigest.c b/src/support/htdigest.c
index afc84d26cd26efb2a1cfa653eec68c7f96d0e72e..25b5a8db42395956d8763a9e29d268375b3a2895 100644 (file)
--- a/src/support/htdigest.c
+++ b/src/support/htdigest.c
@@ -253,8 +253,8 @@ int main(int argc, char *argv[])
        fprintf(stderr, "Use -c option to create new one.\n");
        exit(1);
     }
-    strcpy(user, argv[3]);
-    strcpy(realm, argv[2]);
+    ap_cpystrn(user, argv[3], sizeof(user));
+    ap_cpystrn(realm, argv[2], sizeof(realm));
 
     found = 0;
     while (!(getline(line, MAX_STRING_LEN, f))) {