SECURITY: CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest.
authorWilliam A. Rowe Jr <wrowe@apache.org>
Thu, 6 Jul 2017 00:02:54 +0000 (00:02 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Thu, 6 Jul 2017 00:02:54 +0000 (00:02 +0000)
The value placeholder in [Proxy-]Authorization headers type 'Digest' was not
initialized or reset before or between successive key=value assignments by
mod_auth_digest.  Providing an initial key with no '=' assignment could reflect
the stale value of uninitialized pool memory used by the prior request, leading
to leakage of potentially confidential information, and a segfault.

Submitted by: wrowe
Backports: r1800919
Reviewed by: wrowe, jim, jchampion

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800955 13f79535-47bb-0310-9956-ffa450edef68

STATUS
modules/aaa/mod_auth_digest.c

diff --git a/STATUS b/STATUS
index cc2f9e5592c337391e8937f12984d24a83625297..6f4ef92edcf159ddecc0507758b4fbf708e9bb3e 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -115,11 +115,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   *) Correct string scope to prevent duplicated values for subsequent tokens.
-      Submitted by: wrowe
-      trunk patch: http://svn.apache.org/r1800919
-      +1: wrowe, jim, jchampion
-
    *) Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"
       comparisons.
       Submitted by: wrowe, Robert Święcki <robert swiecki.net>
index d0c77dc5695065ee91fa1f4b4324918c4fe3349b..e99cb3b3f1118f34b8bdde7c65f46a21501a96ce 100644 (file)
@@ -965,13 +965,13 @@ static int get_digest_rec(request_rec *r, digest_header_rec *resp)
 
         /* find value */
 
+        vv = 0;
         if (auth_line[0] == '=') {
             auth_line++;
             while (apr_isspace(auth_line[0])) {
                 auth_line++;
             }
 
-            vv = 0;
             if (auth_line[0] == '\"') {         /* quoted string */
                 auth_line++;
                 while (auth_line[0] != '\"' && auth_line[0] != '\0') {
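Review bot: The relocated `vv = 0;` has no comment explaining why it must come before the `if (auth_line[0] == '=')` test, so a later tidy-up could move it back into the branch and reintroduce the stale index. I would put `/* reset for every key: a key with no '=' must produce an empty value, never bytes left in value[] */` directly above it. get_digest_rec begins and ends outside this hunk, so how `value` is allocated and sized is not visible here and I have not assumed anything about it.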
@@ -990,8 +990,8 @@ static int get_digest_rec(request_rec *r, digest_header_rec *resp)
                     value[vv++] = *auth_line++;
                 }
             }
-            value[vv] = '\0';
         }
+        value[vv] = '\0';
 
         while (auth_line[0] != ',' && auth_line[0] != '\0') {
             auth_line++;
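Review bot: Because `value[vv] = '\0';` now runs on every pass, a key that has no `=` is given an empty string as its value rather than being skipped. The code that matches `key` and stores `value` lies after this hunk and is not shown; if it treats any stored value as "field present", a bare key would now count as a supplied but empty field. That is worth confirming against the later validity checks. At minimum I would document the behaviour at the terminator with `/* a key without '=' yields "" */`. The commit also adds no regression test for a Digest header whose first key lacks `=`, which would pin this fix.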