diff options
| author | Antonio Hernández Blas <hba.nihilismus@gmail.com> | 2014-11-05 18:22:25 +0700 |
|---|---|---|
| committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2014-11-08 06:30:11 +0700 |
| commit | 60c75ff791ce88fe9bddede4997aa2c6dfea5e64 (patch) | |
| tree | 2751074694fa5987c3e7fe304c9205a7aae73e5d /network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff | |
| parent | 2e8081a46c101e236b26256a8440f5d6d0ab168c (diff) | |
| download | slackbuilds-60c75ff791ce88fe9bddede4997aa2c6dfea5e64.tar.gz | |
network/thttpd: Updated for version 2.26.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff')
| -rw-r--r-- | network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff b/network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff new file mode 100644 index 0000000000..04f59eac8e --- /dev/null +++ b/network/thttpd/patches/2.25b/additional-input-validation-httpd.c.diff @@ -0,0 +1,62 @@ +--- thttpd-2.25b/extras/htpasswd.c.orig 2006-03-31 04:12:42.281317000 +0000 ++++ thttpd-2.25b/extras/htpasswd.c 2006-03-31 05:21:37.741632392 +0000 +@@ -151,6 +151,7 @@ void interrupted(int signo) { + int main(int argc, char *argv[]) { + FILE *tfp,*f; + char user[MAX_STRING_LEN]; ++ char pwfilename[MAX_STRING_LEN]; + char line[MAX_STRING_LEN]; + char l[MAX_STRING_LEN]; + char w[MAX_STRING_LEN]; +@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) { + perror("fopen"); + exit(1); + } ++ if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) { ++ fprintf(stderr, "%s: filename is too long\n", argv[0]); ++ exit(1); ++ } ++ if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) { ++ fprintf(stderr, "%s: filename contains an illegal character\n", ++ argv[0]); ++ exit(1); ++ } ++ if (strlen(argv[3]) > (sizeof(user) - 1)) { ++ fprintf(stderr, "%s: username is too long\n", argv[0], ++ sizeof(user) - 1); ++ exit(1); ++ } ++ if ((strchr(argv[3], ':')) != NULL) { ++ fprintf(stderr, "%s: username contains an illegal character\n", ++ argv[0]); ++ exit(1); ++ } + printf("Adding password for %s.\n",argv[3]); + add_password(argv[3],tfp); + fclose(tfp); +@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) { + exit(1); + } + ++ if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) { ++ fprintf(stderr, "%s: filename is too long\n", argv[0]); ++ exit(1); ++ } ++ if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) { ++ fprintf(stderr, "%s: filename contains an illegal character\n", ++ argv[0]); ++ exit(1); ++ } ++ if (strlen(argv[2]) > (sizeof(user) - 1)) { ++ fprintf(stderr, "%s: username is too long\n", argv[0], ++ sizeof(user) - 1); ++ exit(1); ++ } ++ if ((strchr(argv[2], ':')) != NULL) { ++ fprintf(stderr, "%s: username contains an illegal character\n", ++ argv[0]); ++ exit(1); ++ } + if(!(f = fopen(argv[1],"r"))) { + fprintf(stderr, + "Could not open passwd file %s for reading.\n",argv[1]); |