From a3105d42c001c4ed922a89c4eb818da3b50747c3 Mon Sep 17 00:00:00 2001
From: Randy Terbush <randy@apache.org>
Date: Sun, 12 Jan 1997 00:45:54 +0000
Subject: [PATCH] Fix a buffer overflow problem which could allow unauthorized
 access. Reviewed by: Marc Slemko, Randy Terbush, Ben Laurie Submitted by:
 Alfred Huger <ahuger@secnet.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3@77419 13f79535-47bb-0310-9956-ffa450edef68
---
 RELEASE_1_1_X/src/mod_cookies.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/RELEASE_1_1_X/src/mod_cookies.c b/RELEASE_1_1_X/src/mod_cookies.c
index e490a13d42e..b94a172d6c4 100644
--- a/RELEASE_1_1_X/src/mod_cookies.c
+++ b/RELEASE_1_1_X/src/mod_cookies.c
@@ -119,7 +119,7 @@ typedef struct {
 void make_cookie(request_rec *r)
 {
     struct timeval tv;
-    char new_cookie[100];	/* blurgh */
+    char new_cookie[1024];	/* blurgh */
     char *dot;
     const char *rname = pstrdup(r->pool, 
 				get_remote_host(r->connection, r->per_dir_config,
@@ -128,6 +128,9 @@ void make_cookie(request_rec *r)
     struct timezone tz = { 0 , 0 };
 
     if ((dot = strchr(rname,'.'))) *dot='\0';	/* First bit of hostname */
+    if (strlen (rname) > 255)
+      rname[256] = 0;
+
     gettimeofday(&tv, &tz);
     sprintf(new_cookie,"%s%s%d%ld%d; path=/",
         COOKIE_NAME, rname,
-- 
2.47.2