This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.
[Bug 1000376] ATHTTPD security Authorization parse can overrun memory
- From: bugzilla-daemon at ecoscentric dot com
- To: ecos-bugs at sources dot redhat dot com
- Date: Thu, 1 Mar 2007 20:29:05 +0000 (GMT)
- Subject: [Bug 1000376] ATHTTPD security Authorization parse can overrun memory
https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000376
------- Additional Comments From bugzilla_rmvthis@ds3switch.com 2007-03-01 20:29 -------
Also fix BASIC authorizations.
digest_data parses "DIGEST" type authorizations, but should also be applied with this security fix to parse the "BASIC" authorization around http.c:cyg_httpd_process_header:933
Proposed fix for basic is:
if (strncasecmp("Basic", p, 5) == 0)
{
- char *cr = cyg_httpd_md5_digest;
- p += 5;
- while (*p == ' ')
- p++;
- while ((*p != '\r') && (*p != '\n') && (*p != ' '))
- *cr++ = *p++;
- *cr = '\0';
+ p += 5;
+ while (*p == ' ')
+ p++;
+ p = cyg_httpd_digest_data(cyg_httpd_md5_digest, p, sizeof +(cyg_httpd_md5_digest));
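Review bot: the new call line is wrapped, so `sizeof +(cyg_httpd_md5_digest)` carries a stray line-prefix `+` inside the expression and should read `sizeof(cyg_httpd_md5_digest)` before this is applied. The hunk only shows the call site; the bounded `cyg_httpd_digest_data` it depends on is described in prose but not shown, and it needs to stop at the same terminators the removed loop used (`'\r'`, `'\n'`, `' '`) plus NUL, reserve one byte for the terminating `'\0'`, and fail the request when the credential does not fit rather than silently truncating it (a truncated credential cannot match anyway, so rejecting is both safer and simpler). Note also that the new code assigns the return value to `p`, whereas the removed loop advanced `p` in place, so the helper must return the position just past the consumed token and the existing Digest caller must expect the same convention.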
and have cyg_httpd_digest_data take an extra argument which is sizeof dest.
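An added example, not the reporter's patch or eCos's own code, showing the bounded token copy the comment asks for: the helper stops at the same terminators the removed loop used, refuses a token that would not fit instead of truncating it, and the Basic branch keeps the proposed control flow. `CRED_BUF_SIZE`, `bounded_digest_data`, `parse_basic_authorization` and `demo_basic` are names assumed for this demo.

```c
#include <string.h>
#include <strings.h>

/* Demo buffer size (assumption); ATHTTPD's real buffer is cyg_httpd_md5_digest. */
#define CRED_BUF_SIZE 64

/* Bounded replacement for the old unbounded copy loop: copies the token at p
 * (terminated by CR, LF, space or NUL) into dest, writing at most dest_size
 * bytes including the NUL.  Returns the first unconsumed byte, or NULL when
 * the token does not fit, so the caller can reject the request outright. */
static const char *bounded_digest_data(char *dest, const char *p, size_t dest_size)
{
    size_t n = 0;
    if (dest_size == 0)
        return NULL;
    while (*p != '\r' && *p != '\n' && *p != ' ' && *p != '\0') {
        if (n + 1 >= dest_size) {        /* keep room for the NUL */
            dest[0] = '\0';
            return NULL;
        }
        dest[n++] = *p++;
    }
    dest[n] = '\0';
    return p;
}

/* Same control flow as the proposed Basic branch: match the scheme, skip
 * spaces, copy with the bounded helper.  1 = parsed, 0 = not Basic or too long. */
int parse_basic_authorization(const char *hdr, char *cred, size_t cred_size)
{
    const char *p = hdr;
    if (strncasecmp("Basic", p, 5) != 0)
        return 0;
    p += 5;
    while (*p == ' ')
        p++;
    return bounded_digest_data(cred, p, cred_size) != NULL;
}

/* Helper for trying constructed header values: returns the length of the
 * credential copied out, or -1 when the header is rejected. */
int demo_basic(const char *hdr)
{
    char cred[CRED_BUF_SIZE];
    if (!parse_basic_authorization(hdr, cred, sizeof cred))
        return -1;
    return (int)strlen(cred);
}
```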