is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
+ *) htdigest: Fix buffer overflow when reading digest password file
+ with very long lines. PR 54893. [Rainer Jung]
+
*) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
OpenSSL 0.9.7 flag which uses the server's cipher order rather
than the client's. PR 28665.
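Review bot: The new htdigest CHANGES entry names the bug (buffer overflow on overlong lines, PR 54893) but not what a user running htdigest sees when it triggers, which is what a release-notes reader wants; consider extending it along the lines of "... with very long lines, which could crash htdigest or corrupt memory while it reads the password file."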
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * htdigest: Fix buffer overflow when reading digest
- password file with very long lines. PR 54893.
- trunk patch: https://svn.apache.org/r1475878
- 2.4.x patch: https://svn.apache.org/11476089
- 2.2.x patch: https://svn.apache.org/r1476242
- 2.0.x patch: http://people.apache.org/~rjung/patches/htdigest-buffer_overflow_2_0.patch
- +1: rjung, minfrin, wrowe
- -1:
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ please place SVN revisions from trunk here, so it is easy to
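Review bot: Removing the entry from PATCHES ACCEPTED is consistent with the three +1 votes listed (rjung, minfrin, wrowe) and an empty -1 line, so this reads as the backport being merged. One wrinkle in the removed text: the 2.4.x link `https://svn.apache.org/11476089` lacks the `r` revision prefix that the trunk and 2.2.x links have, so anyone tracing the STATUS history should locate the 2.4.x commit via PR 54893 rather than that URL.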
char ch;
apr_status_t rv = APR_EINVAL;
- while (i < (n - 1) &&
+ /* we need 2 remaining bytes in buffer */
+ while (i < (n - 2) &&
((rv = apr_file_getc(&ch, f)) == APR_SUCCESS) && (ch != '\n')) {
s[i++] = ch;
}
+ /* First remaining byte potentially used here */
if (ch == '\n')
s[i++] = ch;
+ /* Second remaining byte used here */
s[i] = '\0';
if (rv != APR_SUCCESS)
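Review bot: Tightening the loop bound from `n - 1` to `n - 2` is the right fix: with `n - 1`, `i` could reach `n - 1` after the loop, the `s[i++] = ch` for the newline then wrote `s[n - 1]` and the terminator landed at `s[n]`, one past the buffer; with `n - 2` the newline and NUL fit at `s[n - 2]` and `s[n - 1]`. Two follow-ups worth addressing in the same function: `char ch;` is never initialised, so if the loop condition fails before the first `apr_file_getc` (any `n <= 2`) the later `if (ch == '\n')` reads an indeterminate value, so change it to `char ch = '\0';`; and when a line is longer than the buffer the loop now stops with `rv == APR_SUCCESS` and `ch != '\n'`, leaving the rest of the line unread, so the next call returns the tail as if it were a fresh entry. Either drain the remainder of the line or return a distinct status so the caller can report the overlong line instead of silently splitting it.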