[mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)

Impact is probably low on most platforms, as it will probably overwrite
one byte of "HASH HA1" which isn't used afterwards anymore.

Reference: Fortify Open Review Project - lighttpd 1.4.39
    ID 22708159 - Buffer Overflow: Off-by-One

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9
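The off-by-one the commit describes comes from hex-encoding a 16-byte MD5 digest (32 characters) into a 32-byte buffer, leaving no room for the terminating NUL. The following is an added illustration, not lighttpd code: a bounded hex encoder that derives the required size from the digest length and refuses to write when the caller's buffer is one byte short, with a constructed digest as input.

```c
/* Added example (not lighttpd's code): size the hex buffer from the digest
 * length instead of hard-coding it. MD5_DIGEST_LEN = 16 is assumed here. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MD5_DIGEST_LEN 16
/* Two hex characters per byte plus the terminating NUL: 33 for MD5, not 32. */
#define HEX_BUF_LEN(digest_len) (2 * (digest_len) + 1)

/* Bytes needed to hold the NUL-terminated hex form of an n-byte digest. */
size_t hex_needed(size_t n) { return HEX_BUF_LEN(n); }

/* Hex-encode digest[0..n) into out and NUL-terminate it.
 * Returns 0 on success, -1 (writing nothing) if out cannot hold 2n+1 bytes:
 * this is the check that a bare char[32] declaration silently lacks. */
int hex_encode_digest(const unsigned char *digest, size_t n,
                      char *out, size_t outlen) {
    static const char hexdigits[] = "0123456789abcdef";
    if (outlen < HEX_BUF_LEN(n)) return -1;  /* would overflow by one or more bytes */
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = hexdigits[digest[i] >> 4];
        out[2 * i + 1] = hexdigits[digest[i] & 0x0f];
    }
    out[2 * n] = '\0';  /* for MD5 this is the 33rd byte */
    return 0;
}

int main(void) {
    /* Constructed digest bytes (0x00, 0x11, ..., 0xff); not a hash of anything. */
    unsigned char digest[MD5_DIGEST_LEN];
    for (size_t i = 0; i < sizeof digest; i++) digest[i] = (unsigned char)(i * 17);

    char too_small[32];                    /* the pre-fix declaration */
    char ok[HEX_BUF_LEN(MD5_DIGEST_LEN)];  /* the post-fix declaration */

    printf("bytes needed: %zu\n", hex_needed(sizeof digest));
    printf("into char[32]: %d\n",
           hex_encode_digest(digest, sizeof digest, too_small, sizeof too_small));
    if (hex_encode_digest(digest, sizeof digest, ok, sizeof ok) == 0)
        printf("into char[33]: %s\n", ok);
    return 0;
}
```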
Stefan Bühler 2016-03-13 14:53:20 +00:00
parent a6477d8481
commit 2a8f73e7d4
2 changed files with 2 additions and 1 deletions

NEWS

@ -25,6 +25,7 @@ NEWS
* [mod_cgi] kill CGI if fail to write request body
* [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
* [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
* [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
- 1.4.39 - 2016-01-02
* [core] fix memset_s call (fixes #2698)
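Review bot: the new NEWS entry says only "fix buffer overflow", while the commit message identifies it precisely as Fortify Open Review Project ID 22708159, "Buffer Overflow: Off-by-One"; consider carrying the words "off-by-one" or that report ID into the entry so readers of the release notes can trace it to the report without consulting the commit log.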


@ -153,7 +153,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
{
li_MD5_CTX Md5Ctx;
HASH HA1;
char hexmd5[32];
char hexmd5[33];
const char *ts_str;
const char *rel_uri;
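Review bot: replacing `char hexmd5[32];` with `char hexmd5[33];` fixes the missing byte for the NUL terminator (an MD5 digest hex-encodes to 32 characters plus the terminator), but it swaps one magic number for another; if HASH is an array type, `char hexmd5[2 * sizeof(HA1) + 1];` would tie the buffer to the digest it holds. The hunk shows only the declaration, so it is worth confirming that the call which fills hexmd5, outside this hunk, writes exactly 2 * 16 + 1 bytes, and that later uses rely on the terminator rather than a fixed 32-byte length.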