reject overlong credentials from command line
authorAndré Malo <nd@apache.org>
Thu, 31 Jul 2003 20:23:21 +0000 (20:23 +0000)
committerAndré Malo <nd@apache.org>
Thu, 31 Jul 2003 20:23:21 +0000 (20:23 +0000)
Reviewed by: Justin Erenkrantz, Jeff Trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@100880 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
support/ab.c

diff --git a/CHANGES b/CHANGES
index 2c0f1f3251ba26553694e30d9a940db2d4cbecc6..4185ee714e7038e8f361af28074b1f013d2b0fc8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.48
 
+  *) ab: Overlong credentials given via command line no longer clobber
+     the buffer.  [André Malo]
+
   *) mod_deflate: Don't attempt to hold all of the response until we're
      done.  [Justin Erenkrantz]
 
diff --git a/STATUS b/STATUS
index 4059f0b58cc02eafb3dcae1900f1fe60e1ed9e03..d0409d0c188214e8c8e70e7abe12c5c0230c9743 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2003/07/30 20:33:55 $]
+Last modified at [$Date: 2003/07/31 20:23:20 $]
 
 Release:
 
@@ -266,10 +266,6 @@ PATCHES TO PORT FROM 2.1
             nd replies: of course ..., 1.168 does.
       +1: nd, jerenkrantz, trawick
 
-    * ab: reject overlong credentials from command line (2.0 + 1.3)
-        support/ab.c: r1.127
-      +1: nd, jerenkrantz, trawick
-
     * ab: Handle conditions where connect() on non-blocking socket
       doesn't complete immediately (i.e., restore functionality when
       benchmarking non-local targets).  This doesn't resolve some
index fea3da3569a8f50266bae1d2b5476cb7d881379d..0210b357397ec42b3b854686a19604620fb8e5de 100644 (file)
@@ -1777,14 +1777,14 @@ static void test(void)
 static void copyright(void)
 {
     if (!use_html) {
-       printf("This is ApacheBench, Version %s\n", AP_AB_BASEREVISION " <$Revision: 1.121.2.2 $> apache-2.0");
+       printf("This is ApacheBench, Version %s\n", AP_AB_BASEREVISION " <$Revision: 1.121.2.3 $> apache-2.0");
        printf("Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/\n");
        printf("Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/\n");
        printf("\n");
     }
     else {
        printf("<p>\n");
-       printf(" This is ApacheBench, Version %s <i>&lt;%s&gt;</i> apache-2.0<br>\n", AP_AB_BASEREVISION, "$Revision: 1.121.2.2 $");
+       printf(" This is ApacheBench, Version %s <i>&lt;%s&gt;</i> apache-2.0<br>\n", AP_AB_BASEREVISION, "$Revision: 1.121.2.3 $");
        printf(" Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/<br>\n");
        printf(" Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/<br>\n");
        printf("</p>\n<p>\n");
@@ -2070,6 +2070,9 @@ int main(int argc, const char * const argv[])
             */
            while (apr_isspace(*optarg))
                optarg++;
+            if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
+                err("Authentication credentials too long\n");
+            }
            l = apr_base64_encode(tmp, optarg, strlen(optarg));
            tmp[l] = '\0';
 
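Review bot: The added guard compares with `>`, so an encoded length exactly equal to `sizeof(tmp)` is accepted, while the unchanged `tmp[l] = '\0'` after the encode call still stores at index `l`. As far as I know, `apr_base64_encode()` already NUL-terminates its output and returns a count that includes the terminator, so in that boundary case the extra store would land one byte past the buffer. Whether the case is reachable depends on the size of `tmp`, which is declared outside this hunk. Using `if (apr_base64_encode_len(strlen(optarg)) >= sizeof(tmp)) {` or dropping the redundant `tmp[l] = '\0';` settles it, and the same applies to the proxy-credentials hunk that follows. The guard also relies on `err()` never returning and on `tmp` being an array rather than a pointer, so a short comment such as `/* err() exits; tmp is a fixed-size array */` would help the next reader.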
@@ -2082,6 +2085,9 @@ int main(int argc, const char * const argv[])
              */
            while (apr_isspace(*optarg))
                optarg++;
+            if (apr_base64_encode_len(strlen(optarg)) > sizeof(tmp)) {
+                err("Proxy credentials too long\n");
+            }
            l = apr_base64_encode(tmp, optarg, strlen(optarg));
            tmp[l] = '\0';