https://bz.apache.org/bugzilla/show_bug.cgi?id=61511
--- Comment #2 from Luca Toscano <toscano.l...@gmail.com> ---
Hi Hanno,
thanks a lot for the report. The following patch seems to work for me:
./support/htdigest poc try elukey
The following line is longer than the maximum allowed (256):
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
I am not familiar with the htdigest.c code so I'll need to take a deeper look.
Will wait for other people's comments too :)
Luca
Patch:
Index: support/htdigest.c
===================================================================
--- support/htdigest.c (revision 1807869)
+++ support/htdigest.c (working copy)
@@ -256,6 +256,11 @@
found = 0;
while (!(get_line(line, sizeof(line), f))) {
+ if (strlen(line) >= MAX_STRING_LEN) {
+ apr_file_printf(errfile, "The following line is longer than the "
+ "maximum allowed (%i): %s",
MAX_STRING_LEN, line);
+ cleanup_tempfile_and_exit(1);
+ }
if (found || (line[0] == '#') || (!line[0])) {
putline(tfp, line);
continue;
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
