When developing a patch I found a bug with the buffer size of a variable in
http.c. The bug only shows itself sometimes, and relates to the compile
process. When I recompiled a source rpm of ntop 3.0 on a server I saw
the bug, but if I used the rpm compiled by the package's author I didn't. I
traced it down to the length of a string. See below for details.

Correct strings produced by original rpm:

Server: ntop/3.0 (Dag Apt RPM Repository) (i686-pc-linux-gnu)
WWW-Authenticate: Basic realm="ntop HTTP server"


Broken strings produced by my original rpm:

Server: ntop/3.0 (Dag Apt RPM Repository)
(i686-redhat-linux-gnWWW-Authenticate: Basic realm="ntop HTTP server"


Correct strings produced by my fixed rpm:

Server: ntop/3.0 (Dag Apt RPM Repository) (i686-redhat-linux-gnu)
WWW-Authenticate: Basic realm="ntop HTTP server"


The problem code in http.c:

  char tmpStr[64], theDate[48];

  if(snprintf(tmpStr, sizeof(tmpStr), "Server: ntop/%s (%s)\r\n",
version, osName) < 0)
      BufferTooShort();
  sendString(tmpStr);


The buffer isn't big enough and so the \r\n plus a few characters at the
end of the line are cut off. This merges the line with the next and
breaks authentication. The fix is just to increase the variable size; I
simply raised it from 64 to 128.

--- ntop-3.0-clean/http.c       2004-03-15 23:39:14.000000000 -0800
+++ ntop-3.0-fixed/http.c       2004-05-11 22:30:34.000000000 -0700
@@ -885,7 +885,7 @@
  
 void sendHTTPHeader(int mimeType, int headerFlags, int useCompressionIfAvailable) {
   int statusIdx;
-  char tmpStr[64], theDate[48];
+  char tmpStr[128], theDate[48];
   time_t  theTime = myGlobals.actTime - (time_t)myGlobals.thisZone;
   struct tm t;
  
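Review bot: the tmpStr[128] declaration in sendHTTPHeader only moves the limit, so a longer version or osName string from another build will cut off the trailing \r\n again. The snprintf call quoted earlier in the message only tests the return value for < 0; on a C99 snprintf, truncation returns the length that would have been written, which is not negative, so BufferTooShort() never fires for this case. Suggest also treating a return value >= sizeof(tmpStr) as a failure, so an oversized header is reported instead of being sent without its line terminator.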

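Added example, not part of the original message or of ntop's code: it reproduces the truncation described above with the format string from the quoted http.c snippet and shows a return-value check that catches it. The helper names are hypothetical, and the split of the header text into `version` and `osName` is an assumption made from the header lines shown in the message.

```c
#include <stdio.h>
#include <string.h>

/* Format string taken from the http.c snippet quoted in the message. */
#define SERVER_FMT "Server: ntop/%s (%s)\r\n"

/* Hypothetical helper (not ntop code): formats the Server header and
 * reports truncation. Returns the header length on success, -1 if the
 * output did not fit or snprintf failed. */
int format_server_header(char *buf, size_t size,
                         const char *version, const char *osName) {
  int n = snprintf(buf, size, SERVER_FMT, version, osName);
  /* C99: n is the length that WOULD have been written; n >= size
   * means the tail (here the "\r\n") was cut off. */
  if (n < 0 || (size_t)n >= size)
    return -1;
  return n;
}

/* Mirrors the quoted check: only a negative return counts as failure. */
int original_check_fires(char *buf, size_t size,
                         const char *version, const char *osName) {
  return snprintf(buf, size, SERVER_FMT, version, osName) < 0;
}

/* 1 if the string ends with CRLF, i.e. the header line is terminated. */
int ends_with_crlf(const char *s) {
  size_t len = strlen(s);
  return len >= 2 && s[len - 2] == '\r' && s[len - 1] == '\n';
}

int main(void) {
  /* Constructed inputs; the version/osName split is an assumption. */
  const char *version = "3.0 (Dag Apt RPM Repository)";
  const char *os_ok = "i686-pc-linux-gnu", *os_long = "i686-redhat-linux-gnu";
  char small[64], big[128];

  printf("pc, 64:      %d\n", format_server_header(small, sizeof small, version, os_ok));
  printf("redhat, 64:  %d (old check fires: %d)\n",
         format_server_header(small, sizeof small, version, os_long),
         original_check_fires(small, sizeof small, version, os_long));
  printf("terminated:  %d\n", ends_with_crlf(small));
  printf("redhat, 128: %d\n", format_server_header(big, sizeof big, version, os_long));
  return 0;
}
```

The `i686-pc-linux-gnu` header is 63 bytes and just fits in 64 with its terminator; the `i686-redhat-linux-gnu` header needs 67, which is why only the rebuilt rpm showed the problem.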