Bug 54893 - Buffer overrun in htdigest
Summary: Buffer overrun in htdigest
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: support
Version: 2.2.24
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk
Depends on:
Blocks:
 
Reported: 2013-04-25 16:09 UTC by Petr Sumbera
Modified: 2014-08-19 07:02 UTC

Description Petr Sumbera 2013-04-25 16:09:07 UTC
Parfait reported the following:

Error: Buffer overrun
   Buffer overflow (CWE 120): In pointer dereference of s[i] with index 'i'
      Pointer size is 768 bytes, index is 768
        at line 105 of httpd-2.2.24/support/htdigest.c in function 'get_line'.
        called at line 258 in function 'main' with s = line.


This seems to be true also for HEAD.
Comment 1 Rainer Jung 2013-04-25 18:13:44 UTC
Fixed in trunk in r1475878.
Proposed for 2.4 and 2.2.
Thanks for the report.
Comment 2 Rainer Jung 2013-04-26 12:54:07 UTC
Fixed in 2.4 with r1476089.
Comment 3 Rainer Jung 2013-04-26 15:07:26 UTC
Fixed in 2.2.x with r1476242.

Fix will be released with 2.4.5 and 2.2.25.

Proposed for 2.0.x.
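
The diagnostic in the description (a 768-byte buffer dereferenced at index 768) describes an access one element past the end of the buffer. As an added illustration, not the htdigest.c source or the committed fix, the C below contrasts a constructed line reader that can reach that index with a bounded one. The names `get_line_flawed`, `get_line_bounded` and `canary_intact`, and the in-memory input, are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define LINE_SIZE 768  /* buffer size quoted in the Parfait report */
#define CANARY    0x5A /* guard value placed just past the buffer */
typedef int (*line_reader)(char *s, int n, const char **in);

/* Constructed flawed pattern: the loop may fill all n bytes, so the
 * terminator is written to s[n], one element past the end. */
static int get_line_flawed(char *s, int n, const char **in)
{
    int i = 0;
    while (i < n && **in != '\0' && **in != '\n')
        s[i++] = *(*in)++;
    s[i] = '\0';                /* i == n for an over-long line */
    return i;
}

/* Bounded form: the copy stops at n - 1, reserving the last byte. */
static int get_line_bounded(char *s, int n, const char **in)
{
    int i = 0;
    if (n <= 0) return -1;
    while (i < n - 1 && **in != '\0' && **in != '\n')
        s[i++] = *(*in)++;
    s[i] = '\0';
    return i;
}

/* Feed a constructed over-long line to a reader that is told the buffer
 * holds LINE_SIZE bytes. One real guard byte follows the buffer, so the
 * stray write is observable safely. Returns 1 if the guard survived. */
static int canary_intact(line_reader rd)
{
    char input[2 * LINE_SIZE];
    char buf[LINE_SIZE + 1];
    const char *p = input;
    memset(input, 'A', sizeof input - 1);
    input[sizeof input - 1] = '\0';
    buf[LINE_SIZE] = CANARY;
    rd(buf, LINE_SIZE, &p);
    return buf[LINE_SIZE] == CANARY;
}

int main(void)
{
    printf("guard intact: flawed=%d bounded=%d\n",
           canary_intact(get_line_flawed), canary_intact(get_line_bounded));
    return 0;
}
```

The same guard-byte check works as a regression test for any fixed-size line reader: pass it input longer than the buffer and assert that the byte at index `n` is unchanged.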