https://bz.apache.org/bugzilla/show_bug.cgi?id=61511
--- Comment #2 from Luca Toscano <toscano.l...@gmail.com> --- Hi Hanno, thanks a lot for the report. The following patch seems to work for me: ./support/htdigest poc try elukey The following line is longer than the maximum allowed (256): aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa I am not familiar with the htdigest.c code so I'll need to take a deeper look. Will wait for other people's comments too :) Luca Patch: Index: support/htdigest.c =================================================================== --- support/htdigest.c (revision 1807869) +++ support/htdigest.c (working copy) @@ -256,6 +256,11 @@ found = 0; while (!(get_line(line, sizeof(line), f))) { + if (strlen(line) >= MAX_STRING_LEN) { + apr_file_printf(errfile, "The following line is longer than the " + "maximum allowed (%i): %s", MAX_STRING_LEN, line); + cleanup_tempfile_and_exit(1); + } if (found || (line[0] == '#') || (!line[0])) { putline(tfp, line); continue; -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org