summaryrefslogtreecommitdiff
path: root/network/thttpd/patches/additional-input-validation-httpd.c.diff
diff options
context:
space:
mode:
Diffstat (limited to 'network/thttpd/patches/additional-input-validation-httpd.c.diff')
-rw-r--r--network/thttpd/patches/additional-input-validation-httpd.c.diff62
1 files changed, 62 insertions, 0 deletions
diff --git a/network/thttpd/patches/additional-input-validation-httpd.c.diff b/network/thttpd/patches/additional-input-validation-httpd.c.diff
new file mode 100644
index 0000000000..04f59eac8e
--- /dev/null
+++ b/network/thttpd/patches/additional-input-validation-httpd.c.diff
@@ -0,0 +1,62 @@
+--- thttpd-2.25b/extras/htpasswd.c.orig 2006-03-31 04:12:42.281317000 +0000
++++ thttpd-2.25b/extras/htpasswd.c 2006-03-31 05:21:37.741632392 +0000
+@@ -151,6 +151,7 @@ void interrupted(int signo) {
+ int main(int argc, char *argv[]) {
+ FILE *tfp,*f;
+ char user[MAX_STRING_LEN];
++ char pwfilename[MAX_STRING_LEN];
+ char line[MAX_STRING_LEN];
+ char l[MAX_STRING_LEN];
+ char w[MAX_STRING_LEN];
+@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) {
+ perror("fopen");
+ exit(1);
+ }
++ if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[3]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[3], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ printf("Adding password for %s.\n",argv[3]);
+ add_password(argv[3],tfp);
+ fclose(tfp);
+@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) {
+ exit(1);
+ }
+
++ if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) {
++ fprintf(stderr, "%s: filename is too long\n", argv[0]);
++ exit(1);
++ }
++ if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) {
++ fprintf(stderr, "%s: filename contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
++ if (strlen(argv[2]) > (sizeof(user) - 1)) {
++ fprintf(stderr, "%s: username is too long\n", argv[0],
++ sizeof(user) - 1);
++ exit(1);
++ }
++ if ((strchr(argv[2], ':')) != NULL) {
++ fprintf(stderr, "%s: username contains an illegal character\n",
++ argv[0]);
++ exit(1);
++ }
+ if(!(f = fopen(argv[1],"r"))) {
+ fprintf(stderr,
+ "Could not open passwd file %s for reading.\n",argv[1]);