This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.
[Bug 1000375] ATHTTPD security endless loop in invalid-Authorization parse
- From: bugzilla-daemon at ecoscentric dot com
- To: ecos-bugs at sources dot redhat dot com
- Date: Tue, 12 Jun 2007 16:37:27 +0100 (BST)
- Subject: [Bug 1000375] ATHTTPD security endless loop in invalid-Authorization parse
https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000375
------- Additional Comments From atonizzo@gmail.com 2007-06-12 16:37 -------
If I understand correctly, the proposed change would be this:
else if (strncasecmp(p, "uri=", 4) == 0)
p = cyg_httpd_digest_skip(p+4);
+ else
+ while ((*p != '\r') && (*p != '\n') && (*p != ' '))
+ p++
}
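Review bot: the added `while` loop stops only on `'\r'`, `'\n'` or `' '` and never tests for `'\0'`, so a header value that ends without one of those three characters lets `p` run past the end of the buffer; adding `(*p != '\0') &&` to the condition bounds it. The `p++` on the last added line is missing its terminating semicolon. Since the loop can exit with `p` pointing at a space, it is worth confirming that the enclosing parse loop (not visible in this fragment) advances past that space, otherwise the parser does not make progress on the next pass.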
This would discard any unrecognized token all the way to the first
line terminator or blank space. Would this fix the problem?