1 files changed, 62 insertions, 0 deletions

diff --git a/network/thttpd/patches/additional-input-validation-httpd.c.diff b/network/thttpd/patches/additional-input-validation-httpd.c.diff
new file mode 100644
index 0000000000..04f59eac8e
--- /dev/null
+++ b/network/thttpd/patches/additional-input-validation-httpd.c.diff
@@ -0,0 +1,62 @@
+--- thttpd-2.25b/extras/htpasswd.c.orig	2006-03-31 04:12:42.281317000 +0000
++++ thttpd-2.25b/extras/htpasswd.c	2006-03-31 05:21:37.741632392 +0000
+@@ -151,6 +151,7 @@ void interrupted(int signo) {
+ int main(int argc, char *argv[]) {
+     FILE *tfp,*f;
+     char user[MAX_STRING_LEN];
++    char pwfilename[MAX_STRING_LEN];
+     char line[MAX_STRING_LEN];
+     char l[MAX_STRING_LEN];
+     char w[MAX_STRING_LEN];
+@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) {
+             perror("fopen");
+             exit(1);
+         }
++        if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) {
++            fprintf(stderr, "%s: filename is too long\n", argv[0]);
++	    exit(1);
++        }
++        if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) {
++	    fprintf(stderr, "%s: filename contains an illegal character\n",
++		argv[0]);
++	    exit(1);
++        }
++        if (strlen(argv[3]) > (sizeof(user) - 1)) {
++	    fprintf(stderr, "%s: username is too long\n", argv[0],
++		sizeof(user) - 1);
++	    exit(1);
++        }
++        if ((strchr(argv[3], ':')) != NULL) {
++            fprintf(stderr, "%s: username contains an illegal character\n",
++                argv[0]);
++            exit(1);
++        }
+         printf("Adding password for %s.\n",argv[3]);
+         add_password(argv[3],tfp);
+         fclose(tfp);
+@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) {
+         exit(1);
+     }
+ 
++    if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) {
++        fprintf(stderr, "%s: filename is too long\n", argv[0]);
++        exit(1);
++    }
++    if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) {
++        fprintf(stderr, "%s: filename contains an illegal character\n",
++                argv[0]);
++        exit(1);
++    }
++    if (strlen(argv[2]) > (sizeof(user) - 1)) {
++        fprintf(stderr, "%s: username is too long\n", argv[0],
++                sizeof(user) - 1);
++        exit(1);
++    }
++    if ((strchr(argv[2], ':')) != NULL) {
++        fprintf(stderr, "%s: username contains an illegal character\n",
++                argv[0]);
++        exit(1);
++    }
+     if(!(f = fopen(argv[1],"r"))) {
+         fprintf(stderr,
+                 "Could not open passwd file %s for reading.\n",argv[1]);