Bug 54893 - Buffer overrun in htdigest
Buffer overrun in htdigest
Status: NEW
Product: Apache httpd-2
Classification: Unclassified
Component: support
2.2.24
All All
: P2 normal (vote)
: ---
Assigned To: Apache HTTPD Bugs Mailing List
: FixedInTrunk
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2013-04-25 16:09 UTC by Petr Sumbera
Modified: 2013-05-15 19:49 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Sumbera 2013-04-25 16:09:07 UTC
Parfait reported following:

Error: Buffer overrun
   Buffer overflow (CWE 120): In pointer dereference of s[i] with index 'i'
      Pointer size is 768 bytes, index is 768
        at line 105 of httpd-2.2.24/support/htdigest.c in function 'get_line'.
        called at line 258 in function 'main' with s = line.


This seems to be true also for HEAD.
Comment 1 Rainer Jung 2013-04-25 18:13:44 UTC
Fixed in trunk in r1475878.
Proposed for 2.4 and 2.2.
Thanks for the report.
Comment 2 Rainer Jung 2013-04-26 12:54:07 UTC
Fixed in 2.4 with r1476089.
Comment 3 Rainer Jung 2013-04-26 15:07:26 UTC
Fixed in 2.2.x with r1476242.

Fix will be released with 2.4.5 and 2.2.25.

Proposed for 2.0.x.