This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.



[Bug 1000376] ATHTTPD security Authorization parse can overrun memory


https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000376





------- Additional Comments From bugzilla_rmvthis@ds3switch.com  2007-03-01 20:29 -------
Also fix BASIC authorizations.
digest_data parses "DIGEST"-type authorizations, but this security fix should also be applied to parsing the "BASIC" authorization around http.c:cyg_httpd_process_header:933.

Proposed fix for basic is:
            if (strncasecmp("Basic", p, 5) == 0)
            {
-                char *cr = cyg_httpd_md5_digest;
-                p += 5;
-                while (*p == ' ')
-                    p++;
-                while ((*p != '\r') && (*p != '\n') && (*p != ' '))
-                    *cr++ = *p++;
-                *cr = '\0';
+                p += 5;
+                while (*p == ' ')
+                    p++;
+                p = cyg_httpd_digest_data(cyg_httpd_md5_digest, p, sizeof +(cyg_httpd_md5_digest));
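Review bot: the new call `p = cyg_httpd_digest_data(cyg_httpd_md5_digest, p, sizeof +(cyg_httpd_md5_digest));` passes a size argument that the hunk does not add to cyg_httpd_digest_data; the signature change and the bounds check inside that function are only described in the surrounding text, so they should be part of the same patch, otherwise this hunk neither compiles nor closes the overrun. On the same line, the stray `+` in `sizeof +(cyg_httpd_md5_digest)` looks like mail wrapping, but if applied literally it still compiles and is wrong: if cyg_httpd_md5_digest is an array, unary plus decays it to a pointer and sizeof yields the pointer size, not the buffer size; if it is a pointer, sizeof gives the pointer size either way and the real buffer length has to be passed instead. The line should read `sizeof(cyg_httpd_md5_digest)` over an array, or an explicit length otherwise. Finally, the removed loop `while ((*p != '\r') && (*p != '\n') && (*p != ' '))` had no NUL check; the bounded replacement should stop on '\0' as well as CR/LF/space and always NUL-terminate within the size it is given.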

and have cyg_httpd_digest_data take an extra argument which is sizeof dest.


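As an added illustration (not eCos code and not the reporter's patch), a bounded token copy of the kind the proposed size argument enables, with a self-check that an overlong token is truncated instead of overrunning the destination; function and buffer names are assumptions:

```c
#include <string.h>
#include <strings.h>

/* Copy the credential token into dest, writing at most dest_size bytes
 * including the terminator, and return where parsing stopped so the
 * caller can continue with the header line. Unlike the removed loop it
 * also stops on NUL, so a header with no CR/LF cannot be walked past. */
static const char *copy_auth_token(char *dest, const char *p, size_t dest_size)
{
    size_t n = 0;
    if (dest_size == 0) return p;
    while (*p != '\r' && *p != '\n' && *p != ' ' && *p != '\0') {
        if (n + 1 < dest_size)   /* keep one byte for the terminator */
            dest[n++] = *p;
        p++;                     /* overlong token: truncated, not overrun */
    }
    dest[n] = '\0';
    return p;
}

/* Parse "Basic <token>" into a fixed buffer; 1 if the scheme matched. */
static int parse_basic_auth(const char *line, char *out, size_t out_size)
{
    const char *p = line;
    if (strncasecmp("Basic", p, 5) != 0)
        return 0;
    p += 5;
    while (*p == ' ')
        p++;
    copy_auth_token(out, p, out_size);
    return 1;
}

/* Self-check (constructed input): a token of token_len 'A's goes into an
 * 8-byte buffer with a guard word behind it; returns 1 if the guard is
 * untouched and the result is NUL-terminated inside the buffer. */
static int guard_survives(size_t token_len)
{
    char line[300];
    struct { char buf[8]; char guard[4]; } s;
    if (token_len > sizeof line - 7)
        return -1;
    memcpy(line, "Basic ", 6);
    memset(line + 6, 'A', token_len);
    line[6 + token_len] = '\0';
    memset(&s, 0, sizeof s);
    memcpy(s.guard, "END", 4);
    parse_basic_auth(line, s.buf, sizeof s.buf);
    return strcmp(s.guard, "END") == 0 && strlen(s.buf) < sizeof s.buf;
}
```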

