https://bz.apache.org/bugzilla/show_bug.cgi?id=60634

            Bug ID: 60634
           Summary: Stack address is returned from function mkrecord
           Product: Apache httpd-2
           Version: 2.4.25
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: support
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

The vulnerable function is in "support/htpasswd.c".
The code snippet is as follows.

static int mkrecord(struct passwd_ctx *ctx, char *user)
{
    char hash_str[MAX_STRING_LEN];
    ...
    ctx->out = hash_str;
    ...

    ret = mkhash(ctx);
    if (ret)
        return ret;

    ...
}

As "ctx->out" is not updated in function "mkhash", a stack address, i.e.
"hash_str", is returned as a side effect.

This issue is similar to Bug 59844.

Note that this issue is reported by shqking and Zhenwei Zou.
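
The pattern described in this report, as an added illustration that is not part of the original report or of httpd's code: a reduced C sketch of a routine that leaves a context pointer aimed at its own stack buffer, next to a variant that clears the pointer on every exit path. struct demo_ctx, demo_mkhash, mkrecord_leaky, mkrecord_fixed and the "{DEMO}" placeholder output are hypothetical names and values made up for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define MAX_STRING_LEN 256   /* constructed size for this sketch */

/* Hypothetical stand-in for htpasswd's struct passwd_ctx. */
struct demo_ctx { char *out; size_t out_len; const char *passwd; };

/* Stand-in for mkhash(): writes through ctx->out but never reassigns it.
 * The "{DEMO}" output is a placeholder, not a real password hash. */
static int demo_mkhash(struct demo_ctx *ctx)
{
    if (ctx->passwd == NULL || ctx->passwd[0] == '\0')
        return 1;
    snprintf(ctx->out, ctx->out_len, "{DEMO}%s", ctx->passwd);
    return 0;
}

/* Pattern from the report: ctx->out still points into this frame on return. */
static int mkrecord_leaky(struct demo_ctx *ctx, char *rec, size_t rec_len)
{
    char hash_str[MAX_STRING_LEN];
    int ret;

    ctx->out = hash_str;
    ctx->out_len = sizeof(hash_str);
    ret = demo_mkhash(ctx);
    if (ret)
        return ret;                /* caller's ctx->out now dangles */
    snprintf(rec, rec_len, "user:%s", hash_str);
    return 0;                      /* in this sketch, so does this exit */
}

/* Hardened: one exit path that drops the pointer before the frame dies. */
static int mkrecord_fixed(struct demo_ctx *ctx, char *rec, size_t rec_len)
{
    char hash_str[MAX_STRING_LEN];
    int ret;

    ctx->out = hash_str;
    ctx->out_len = sizeof(hash_str);
    ret = demo_mkhash(ctx);
    if (ret == 0)
        snprintf(rec, rec_len, "user:%s", hash_str);
    ctx->out = NULL;               /* nothing stack-backed outlives the call */
    ctx->out_len = 0;
    return ret;
}
```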
