Re: Patch for fixing CAN-2004-0940 in apache 1.3, update
Martin Pitt wrote:
> Martin Schulze [2004-11-01 20:18 +0100]:
> > Thanks a lot. There's another update in the work that fixes problem
> > with htpasswd. I'm attaching the patch. I haven't received a CVE Id
> > so will forward it when it is there.
> >
> > For sid please let me know which version of Apache that will have both
> > problems fixed.
>
> Version apache_1.3.31-8 has this fix and is ready to be uploaded. But
> I would really like to include the CAN number before I do this.
Seems like mitre doesn't want to spend and ID on this, but I think
Steve is missing something since my mails weren't moderated though
on bugtraq (for whatever reasons I don't know).
Below is an updated patch. I'm willing to wait a bit to see mitre's
reply.
Regards,
Joey
--
All language designers are arrogant. Goes with the territory...
-- Larry Wall
Please always Cc to me when replying to me on the lists.
diff -u -p -Nr --exclude CVS build-tree.orig/apache_1.3.26/src/support/htpasswd.c build-tree/apache_1.3.26/src/support/htpasswd.c
--- build-tree.orig/apache_1.3.26/src/support/htpasswd.c 2004-11-04 08:21:59.000000000 +0100
+++ build-tree/apache_1.3.26/src/support/htpasswd.c 2004-11-04 08:22:42.000000000 +0100
@@ -455,11 +455,11 @@ int main(int argc, char *argv[])
return ERR_OVERFLOW;
}
strcpy(pwfilename, argv[i]);
- if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
- fprintf(stderr, "%s: username too long (>%lu)\n", argv[0],
- (unsigned long)(sizeof(user) - 1));
- return ERR_OVERFLOW;
- }
+ }
+ if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
+ fprintf(stderr, "%s: username too long (>%lu)\n", argv[0],
+ (unsigned long)(sizeof(user) - 1));
+ return ERR_OVERFLOW;
}
strcpy(user, argv[i + 1]);
if ((arg = strchr(user, ':')) != NULL) {
@@ -598,6 +598,10 @@ int main(int argc, char *argv[])
putline(ftemp, line);
continue;
}
+ if (strlen(line) > (sizeof(scratch) - 1)) {
+ fprintf(stderr, "%s: line too long\n", argv[0]);
+ return ERR_OVERFLOW;
+ }
strcpy(scratch, line);
/*
* See if this is our user.
Reply to: