This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug 1000376] New: ATHTTPD security Authorization parse can overrun memory

From: bugzilla-daemon at ecoscentric dot com
To: ecos-bugs at sources dot redhat dot com
Date: Thu, 1 Mar 2007 10:51:08 +0000 (GMT)
Subject: [Bug 1000376] New: ATHTTPD security Authorization parse can overrun memory

https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000376

           Summary: ATHTTPD security Authorization parse can overrun memory
           Product: eCos
           Version: 2.0
          Platform: Other
        OS/Version: All
            Status: UNCONFIRMED
          Severity: critical
          Priority: normal
         Component: Other
        AssignedTo: jifl@ecoscentric.com
        ReportedBy: bugzilla_rmvthis@ds3switch.com
         QAContact: ecos-bugs@sources.redhat.com


auth.c:cyg_httpd_digest_data() doesn't check length of http response value it's parsing and can merrily overwrite all memory.

-- 
Configure bugmail: https://bugzilla.ecoscentric.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]