Re: Patch for fixing CAN-2004-0940 in apache 1.3, update

To: Martin Pitt <martin@piware.de>
Cc: Debian Security Team <team@security.debian.org>, Debian Apache Maintainers <debian-apache@lists.debian.org>
Subject: Re: Patch for fixing CAN-2004-0940 in apache 1.3, update
From: Martin Schulze <joey@infodrom.org>
Date: Mon, 1 Nov 2004 20:18:42 +0100
Message-id: <[🔎] 20041101191841.GJ7329@finlandia.infodrom.north.de>
In-reply-to: <20041029132135.GA17149@box79162.elkhouse.de>
References: <20041029122200.GA17070@box79162.elkhouse.de> <20041029132135.GA17149@box79162.elkhouse.de>

Martin Pitt wrote:
> Martin Pitt [2004-10-29 14:22 +0200]:
> > I prepared a patch for fixing a mod_include buffer overflow in Ubuntu
> > and was asked by Fabio to upload a fixed sid version as well
> > (1.3.31-7).
> > 
> > Please find attached the interdiff that was used for 1.3.31-7; you can
> > remove the "Uploaders:" change; the "patch" patch should give no
> > problems, just the changelog patch will probably fail due to a
> > different woody version.
> 
> katie rejected my upload because libapache-mod-perl was still the old
> version. One has to manually tweak that in debian/rules. I reuploaded
> using attached (updated) interdiff. The two new hunks will not apply
> to woody, too (since woody has other revision numbers), but at least
> you know where to change what :-)

Thanks a lot.  There's another update in the work that fixes problem
with htpasswd.  I'm attaching the patch.  I haven't received a CVE Id
so will forward it when it is there.

For sid please let me know which version of Apache that will have both
problems fixed.

Regards,

	Joey

-- 
This is GNU/Linux Country.  On a quiet night, you can hear Windows reboot.

diff -ru build-tree.orig/apache_1.3.26/src/support/htpasswd.c build-tree/apache_1.3.26/src/support/htpasswd.c
--- build-tree.orig/apache_1.3.26/src/support/htpasswd.c	2004-10-30 20:08:25.000000000 +0200
+++ build-tree/apache_1.3.26/src/support/htpasswd.c	2004-10-30 19:57:44.000000000 +0200
@@ -455,11 +455,11 @@ int main(int argc, char *argv[])
 	    return ERR_OVERFLOW;
 	}
 	strcpy(pwfilename, argv[i]);
-	if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
-	    fprintf(stderr, "%s: username too long (>%lu)\n", argv[0],
-		    (unsigned long)(sizeof(user) - 1));
-	    return ERR_OVERFLOW;
-	}
+    }
+    if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
+	fprintf(stderr, "%s: username too long (>%lu)\n", argv[0],
+		(unsigned long)(sizeof(user) - 1));
+	return ERR_OVERFLOW;
     }
     strcpy(user, argv[i + 1]);
     if ((arg = strchr(user, ':')) != NULL) {
@@ -598,7 +598,8 @@ int main(int argc, char *argv[])
 		putline(ftemp, line);
 		continue;
 	    }
-	    strcpy(scratch, line);
+	    strncpy(scratch, line,MAX_STRING_LEN -1);
+	    scratch[MAX_STRING_LEN -1] = '\0';
 	    /*
 	     * See if this is our user.
 	     */

Reply to:

Follow-Ups:
- Re: Patch for fixing CAN-2004-0940 in apache 1.3, update
  - From: Martin Pitt <martin.pitt@canonical.com>

Prev by Date: Bug#270252: Messaggio cancellato
Next by Date: реклама в Сети
Previous by thread: Bug#270252: Messaggio cancellato
Next by thread: Re: Patch for fixing CAN-2004-0940 in apache 1.3, update
Index(es):
- Date
- Thread