reject overlong credentials from command line

Reviewed by: Justin Erenkrantz, Jeff Trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@100881 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/src/CHANGES b/src/CHANGES
index 47700677c4690c708215a4c5cfe601a8f25e003b..345c3a1c40563a6f14ae9c78f7c5e8c1dc889ea4 100644 (file)
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 1.3.29
 
+  *) ab: Overlong credentials given via command line no longer clobber
+     the buffer.  [André Malo]
+
   *) Fix ProxyPass for ftp requests - the original code was segfaulting since 
      many of the values were not being filled out in the request_rec.
      [Tollef Fog Heen <tfheen@debian.org, Thom May]

diff --git a/src/support/ab.c b/src/support/ab.c
index 3e2cbda468456e7913c3639316b608a0b91bc597..09f25e3286c8ee27d8ec94ac5b315a34a8deaad5 100644 (file)
--- a/src/support/ab.c
+++ b/src/support/ab.c
@@ -1358,14 +1358,14 @@ static void test(void)
 static void copyright(void)
 {
     if (!use_html) {
-       printf("This is ApacheBench, Version %s\n", VERSION " <$Revision: 1.69 $> apache-1.3");
+       printf("This is ApacheBench, Version %s\n", VERSION " <$Revision: 1.70 $> apache-1.3");
        printf("Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/\n");
        printf("Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/\n");
        printf("\n");
     }
     else {
        printf("<p>\n");
-       printf(" This is ApacheBench, Version %s <i>&lt;%s&gt;</i> apache-1.3<br>\n", VERSION, "$Revision: 1.69 $");
+       printf(" This is ApacheBench, Version %s <i>&lt;%s&gt;</i> apache-1.3<br>\n", VERSION, "$Revision: 1.70 $");
        printf(" Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/<br>\n");
        printf(" Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/<br>\n");
        printf("</p>\n<p>\n");
@@ -1593,7 +1593,12 @@ int main(int argc, char **argv)
             */
            while (isspace((int)*optarg))
                optarg++;
-           l = ap_base64encode(tmp, optarg, strlen(optarg));
+            if (ap_base64encode_len(strlen(optarg)) > sizeof(tmp)) {
+                fprintf(stderr, "%s: Authentication credentials too long\n",
+                        argv[0]);
+                exit(1);
+            }
+            l = ap_base64encode(tmp, optarg, strlen(optarg));
            tmp[l] = '\0';
 
            strncat(auth, "Authorization: Basic ", sizeof(auth)-strlen(auth)-1);
@@ -1606,6 +1611,10 @@ int main(int argc, char **argv)
             */
            while (isspace((int)*optarg))
                optarg++;
+            if (ap_base64encode_len(strlen(optarg)) > sizeof(tmp)) {
+                fprintf(stderr, "%s: Proxy credentials too long\n", argv[0]);
+                exit(1);
+            }
            l = ap_base64encode(tmp, optarg, strlen(optarg));
            tmp[l] = '\0';