Fix a buffer overflow problem which could allow unauthorized access.

Reviewed by: Marc Slemko, Randy Terbush, Ben Laurie
Submitted by: Alfred Huger <ahuger@secnet.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3@77419 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/RELEASE_1_1_X/src/mod_cookies.c b/RELEASE_1_1_X/src/mod_cookies.c
index e490a13d42ef2fdc5cdcd805aeef0e2717f2838b..b94a172d6c44180fa729ee29b5728c9593bda510 100644 (file)
--- a/RELEASE_1_1_X/src/mod_cookies.c
+++ b/RELEASE_1_1_X/src/mod_cookies.c
@@ -119,7 +119,7 @@ typedef struct {
 void make_cookie(request_rec *r)
 {
     struct timeval tv;
-    char new_cookie[100];      /* blurgh */
+    char new_cookie[1024];     /* blurgh */
     char *dot;
     const char *rname = pstrdup(r->pool, 
                                get_remote_host(r->connection, r->per_dir_config,
@@ -128,6 +128,9 @@ void make_cookie(request_rec *r)
     struct timezone tz = { 0 , 0 };
 
     if ((dot = strchr(rname,'.'))) *dot='\0';  /* First bit of hostname */
+    if (strlen (rname) > 255)
+      rname[256] = 0;
+
     gettimeofday(&tv, &tz);
     sprintf(new_cookie,"%s%s%d%ld%d; path=/",
         COOKIE_NAME, rname,