[mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)

Impact is probably low on most platforms, as it will probably overwrite
one byte of "HASH HA1" which isn't used afterwards anymore.

Reference: Fortify Open Review Project - lighttpd 1.4.39
    ID 22708159 - Buffer Overflow: Off-by-One

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/heads/lighttpd-1.4.x
Stefan Bühler 7 years ago
parent a6477d8481
commit 2a8f73e7d4
  1. 1
      NEWS
  2. 2
      src/mod_secdownload.c

@ -25,6 +25,7 @@ NEWS
* [mod_cgi] kill CGI if fail to write request body
* [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
* [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
* [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
- 1.4.39 - 2016-01-02
* [core] fix memset_s call (fixes #2698)

@ -153,7 +153,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
{
li_MD5_CTX Md5Ctx;
HASH HA1;
char hexmd5[32];
char hexmd5[33];
const char *ts_str;
const char *rel_uri;

Loading…
Cancel
Save