This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.



[Bug 1000375] ATHTTPD security endless loop in invalid-Authorization parse


https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000375





------- Additional Comments From atonizzo@gmail.com  2007-06-12 16:37 -------
If I understand correctly, the proposed change would be this:

     else if (strncasecmp(p, "uri=", 4) == 0)
         p = cyg_httpd_digest_skip(p+4);
+    else
+        while ((*p != '\r') && (*p != '\n') && (*p != ' '))
+            p++
     }
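
Review bot: the added `p++` has no terminating semicolon, so the else branch will not compile as written. The `while` condition also stops only on `'\r'`, `'\n'` and `' '` and never tests for `'\0'`, so a header value that ends without one of those three characters would be scanned past the end of the string; adding `(*p != '\0')` to the condition bounds the scan. Finally, if `p` already points at one of the stop characters when this branch is reached, the loop advances nothing, so the enclosing loop has to consume that character or terminate on it, otherwise the endless loop can still occur.
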
This would discard any unrecognized token all the way to the first
line terminator or blank space. Would this fix the problem?
