The following reply was made to PR mod_auth-any/1672; it has been noted by 
GNATS.

From: Jan Wedekind <[EMAIL PROTECTED]>
To: Marc Slemko <[EMAIL PROTECTED]>
Cc: Jan Wedekind <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: mod_auth-any/1672: Authentication / .htaccess DoS attack 
Date: Wed, 04 Mar 1998 12:07:51 +0100

 Hello again,
 
 Well, because of another bug I just tried out the 1.2.6 developer version
 and modified util.c:cfg_getline() to avoid reading /dev/null, sparse
 files or binaries containing the NUL character.
 
 What about this solution for fixing the problem?
 
 Jan
 
 diff -c util.c.orig util.c
 *** util.c.orig Tue Mar  3 12:10:17 1998
 --- util.c      Wed Mar  4 11:34:20 1998
 ***************
 *** 567,573 ****
           c = getc(f);
       } while (c == '\t' || c == ' ');
   
 !     if(c == EOF)
         return 1;
   
       if(n < 2) {
 --- 567,573 ----
           c = getc(f);
       } while (c == '\t' || c == ' ');
   
 !     if(c == EOF || !c)                /* avoid reading sparse, binary or 
 /dev/null */
         return 1;
   
       if(n < 2) {
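 Review bot: the added `|| !c` in the `if(c == EOF || !c)` test turns a NUL byte into a silent end-of-file: cfg_getline() returns 1 exactly as it does for EOF, so a configuration or .htaccess file with an embedded NUL is truncated at that point with nothing logged and every directive after it ignored. Consider returning a distinct value (or logging) so the caller can tell "file ended" from "file is not text". The comment also overstates the change: reading /dev/null yields EOF immediately, which the existing `c == EOF` test already handled; the new test only adds the sparse-file/binary case. Finally, the comment on that line has been wrapped by the mailer (`/dev/null */` starts a new line), so the patch as quoted will not apply cleanly; please resend it as an attachment or with long lines intact.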
 ***************
 *** 576,581 ****
 --- 576,583 ----
       }
   
       while(1) {
 +         if (!c) return 1;     /* avoid reading sparse, binary or /dev/null */
 + 
           if((c == '\t') || (c == ' ')) {
               s[i++] = ' ';
               while((c == '\t') || (c == ' ')) 
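 Review bot: `if (!c) return 1;` at the top of `while(1)` returns in the middle of a line, discarding the characters already copied into `s[0..i-1]` without writing a terminator, and the caller cannot distinguish this from a clean EOF. Because the test is on the NUL byte alone, a large file that contains no NUL (for example a huge text file) is still read to completion, so this only narrows the problem described in the report rather than bounding what cfg_getline() will consume. Suggest checking for NUL in one place (e.g. a small getc() wrapper used by both hunks) and returning an explicit error so the config parser can report the file as non-text instead of treating it as empty; the duplicated comment on both hunks could then go away.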
 
 
 > On 14 Jan 1998, Jan Wedekind wrote:
 > 
 > > >Description:
 > > (same report will be sent to bugtraq; this is the same split text)
 > > 
 > > At the beginning of the week (after the release of apache 1.2.5)
 > > we discovered a DoS attack in apache and (eventually) other / all (?)
 > > httpd's. Many thanks to Bernard "sendmail" Steiner <[EMAIL PROTECTED]>,
 > > who got the important idea.
 > > 
 > > For apache 1.2.x (and very sure all versions before), the
 > > DoS may be exploited if both of the following conditions are true:
 > 
 
 Kind regards / best regards,
 
 UUNET Deutschland GmbH
 Jan Wedekind
 (Dipl.-Informatiker)
 
 Web Competence Center             UUNET Deutschland GmbH               
 Tel. +49 231 972 2280             Emil-Figge-Straße 80         
 Fax. +49 231 972 1180             44227 Dortmund, Germany              
 [EMAIL PROTECTED]            URL: http://www.uunet.de
 