Browse Source

fixed possible overflow in password-salt handling

(reported on slashdot by james-web@and.org)


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@871 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.8
Jan Kneschke 16 years ago
parent
commit
ad7d85b7f5
  1. 2
      src/http_auth.c

2
src/http_auth.c

@ -481,7 +481,7 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
salt_len = dollar - password->ptr;
}
if (salt_len - 1 > sizeof(salt)) {
if (salt_len > sizeof(salt) - 1) {
fprintf(stderr, "%s.%d\n", __FILE__, __LINE__);
return -1;
}

Loading…
Cancel
Save