Commit1ed95ad

trawick

authored and

Felipe Zimmerle

committed

Fix invalid storage reference by apr_psprintf() when creating a string from salt[]. salt[] is not '\0'-terminated, so apr_psprintf() needs to be told the extent of the bytes to read.

It is easy to test old/new code standalone with valgrind;jst insert the getkey() function into this template:-----------getkey() goes here-----------------int main(void){ apr_pool_t *p; apr_initialize(); apr_pool_create(&p, NULL); printf("%s\n", getkey(p)); return 0;}

1 parenta9a3925 commit1ed95adCopy full SHA for 1ed95ad

File tree

1 file changed

-2

lines changed

apache2
- msc_crypt.c

1 file changed

-2

lines changed

`‎apache2/msc_crypt.c‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -152,14 +152,14 @@ char getkey(apr_pool_t mp) {`
`152`	`152`	`charsalt[64];`
`153`	`153`
`154`	`154`	`apr_generate_random_bytes(salt,sizeof(salt));`
`155`		`-key=apr_psprintf(mp,"%s",salt);`
	`155`	`+key=apr_psprintf(mp,"%.*s",(int)sizeof(salt),salt);`
`156`	`156`
`157`	`157`	`apr_sha1_init (&ctx);`
`158`	`158`	`apr_sha1_update (&ctx, (constchar*)key,strlen(key));`
`159`	`159`	`apr_sha1_update (&ctx,"\0",1);`
`160`	`160`
`161`	`161`	`apr_generate_random_bytes(salt,sizeof(salt));`
`162`		`-value=apr_psprintf(mp,"%s",salt);`
	`162`	`+value=apr_psprintf(mp,"%.*s",(int)sizeof(salt),salt);`
`163`	`163`
`164`	`164`	`apr_sha1_update (&ctx,value,strlen (value));`
`165`	`165`	`apr_sha1_final (digest,&ctx);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit1ed95ad

File tree

1 file changed

1 file changed

`‎apache2/msc_crypt.c‎`

0 commit comments