Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 83458 Details for
Bug 128165
www-servers/thttpd: htpasswd Arbitrary Privileged Command Execution (CAN-2006-1354)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
htpasswdc_temporaryfix.patch
htpasswdc_temporaryfix.patch (text/plain), 2.20 KB, created by
Eduardo Tongson
on 2006-03-30 13:25:45 UTC
(
hide
)
Description:
htpasswdc_temporaryfix.patch
Filename:
MIME Type:
Creator:
Eduardo Tongson
Created:
2006-03-30 13:25:45 UTC
Size:
2.20 KB
patch
obsolete
>--- thttpd-2.25b/extras/htpasswd.c.orig 2006-03-31 04:12:42.281317000 +0000 >+++ thttpd-2.25b/extras/htpasswd.c 2006-03-31 05:21:37.741632392 +0000 >@@ -151,6 +151,7 @@ void interrupted(int signo) { > int main(int argc, char *argv[]) { > FILE *tfp,*f; > char user[MAX_STRING_LEN]; >+ char pwfilename[MAX_STRING_LEN]; > char line[MAX_STRING_LEN]; > char l[MAX_STRING_LEN]; > char w[MAX_STRING_LEN]; >@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) { > perror("fopen"); > exit(1); > } >+ if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) { >+ fprintf(stderr, "%s: filename is too long\n", argv[0]); >+ exit(1); >+ } >+ if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) { >+ fprintf(stderr, "%s: filename contains an illegal character\n", >+ argv[0]); >+ exit(1); >+ } >+ if (strlen(argv[3]) > (sizeof(user) - 1)) { >+ fprintf(stderr, "%s: username is too long\n", argv[0], >+ sizeof(user) - 1); >+ exit(1); >+ } >+ if ((strchr(argv[3], ':')) != NULL) { >+ fprintf(stderr, "%s: username contains an illegal character\n", >+ argv[0]); >+ exit(1); >+ } > printf("Adding password for %s.\n",argv[3]); > add_password(argv[3],tfp); > fclose(tfp); >@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) { > exit(1); > } > >+ if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) { >+ fprintf(stderr, "%s: filename is too long\n", argv[0]); >+ exit(1); >+ } >+ if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) { >+ fprintf(stderr, "%s: filename contains an illegal character\n", >+ argv[0]); >+ exit(1); >+ } >+ if (strlen(argv[2]) > (sizeof(user) - 1)) { >+ fprintf(stderr, "%s: username is too long\n", argv[0], >+ sizeof(user) - 1); >+ exit(1); >+ } >+ if ((strchr(argv[2], ':')) != NULL) { >+ fprintf(stderr, "%s: username contains an illegal character\n", >+ argv[0]); >+ exit(1); >+ } > if(!(f = fopen(argv[1],"r"))) { > fprintf(stderr, > "Could not open passwd file %s for reading.\n",argv[1]);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=83458">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 128165
: 83458
