Re: Patch for fixing CAN-2004-0940 in apache 1.3, update

To: Martin Pitt <martin.pitt@canonical.com>
Cc: Debian Security Team <team@security.debian.org>, Debian Apache Maintainers <debian-apache@lists.debian.org>
Subject: Re: Patch for fixing CAN-2004-0940 in apache 1.3, update
From: Martin Schulze <joey@infodrom.org>
Date: Thu, 4 Nov 2004 08:26:52 +0100
Message-id: <[🔎] 20041104072652.GB26219@finlandia.infodrom.north.de>
In-reply-to: <[🔎] 20041103105936.GA20506@box79162.elkhouse.de>
References: <20041029122200.GA17070@box79162.elkhouse.de> <20041029132135.GA17149@box79162.elkhouse.de> <[🔎] 20041101191841.GJ7329@finlandia.infodrom.north.de> <[🔎] 20041103105936.GA20506@box79162.elkhouse.de>

Martin Pitt wrote:
> Martin Schulze [2004-11-01 20:18 +0100]:
> > Thanks a lot.  There's another update in the work that fixes problem
> > with htpasswd.  I'm attaching the patch.  I haven't received a CVE Id
> > so will forward it when it is there.
> > 
> > For sid please let me know which version of Apache that will have both
> > problems fixed.
> 
> Version apache_1.3.31-8 has this fix and is ready to be uploaded. But
> I would really like to include the CAN number before I do this.

Seems like mitre doesn't want to spend and ID on this, but I think
Steve is missing something since my mails weren't moderated though
on bugtraq (for whatever reasons I don't know).

Below is an updated patch.  I'm willing to wait a bit to see mitre's
reply.

Regards,

	Joey

-- 
All language designers are arrogant.  Goes with the territory...
	-- Larry Wall

Please always Cc to me when replying to me on the lists.

diff -u -p -Nr --exclude CVS build-tree.orig/apache_1.3.26/src/support/htpasswd.c build-tree/apache_1.3.26/src/support/htpasswd.c
--- build-tree.orig/apache_1.3.26/src/support/htpasswd.c	2004-11-04 08:21:59.000000000 +0100
+++ build-tree/apache_1.3.26/src/support/htpasswd.c	2004-11-04 08:22:42.000000000 +0100
@@ -455,11 +455,11 @@ int main(int argc, char *argv[])
 	    return ERR_OVERFLOW;
 	}
 	strcpy(pwfilename, argv[i]);
-	if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
-	    fprintf(stderr, "%s: username too long (>%lu)\n", argv[0],
-		    (unsigned long)(sizeof(user) - 1));
-	    return ERR_OVERFLOW;
-	}
+    }
+    if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
+	fprintf(stderr, "%s: username too long (>%lu)\n", argv[0],
+		(unsigned long)(sizeof(user) - 1));
+	return ERR_OVERFLOW;
     }
     strcpy(user, argv[i + 1]);
     if ((arg = strchr(user, ':')) != NULL) {
@@ -598,6 +598,10 @@ int main(int argc, char *argv[])
 		putline(ftemp, line);
 		continue;
 	    }
+	    if (strlen(line) > (sizeof(scratch) - 1)) {
+	        fprintf(stderr, "%s: line too long\n", argv[0]);
+		return ERR_OVERFLOW;
+	    }
 	    strcpy(scratch, line);
 	    /*
 	     * See if this is our user.

Reply to:

References:
- Re: Patch for fixing CAN-2004-0940 in apache 1.3, update
  - From: Martin Schulze <joey@infodrom.org>
- Re: Patch for fixing CAN-2004-0940 in apache 1.3, update
  - From: Martin Pitt <martin.pitt@canonical.com>

Prev by Date: unsubscribe
Next by Date: Bug#279690: apache-ssl: Segmentation fault when accessing any pages
Previous by thread: Re: Patch for fixing CAN-2004-0940 in apache 1.3, update
Next by thread: реклама в Сети
Index(es):
- Date
- Thread