61 Commits

Author SHA1 Message Date
417cc6a690 htdigest: prevent buffer overflow when strings in lines are too long.
Reported by: Hanno Böck
PR: 61511



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808008 13f79535-47bb-0310-9956-ffa450edef68
2017-09-11 10:28:09 +00:00
f5c249ba91 * Do not apply the strict permissions of the temporary file to a possibly
existing passwd file.
  This long standing bug was triggered by fixing a bug in APR in r1791029.

PR: 61240


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1800594 13f79535-47bb-0310-9956-ffa450edef68
2017-07-03 06:37:45 +00:00
b854d7e818 Remove some 'register' in variable declaration.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610366 13f79535-47bb-0310-9956-ffa450edef68
2014-07-14 09:05:27 +00:00
e6a4c07241 htdigest: Fix buffer overflow when reading digest
password file with very long lines.

PR 54893.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1475878 13f79535-47bb-0310-9956-ffa450edef68
2013-04-25 18:02:48 +00:00
ae8de8d48c Use apr_file_printf(... "%pm"...) instead of explicit call to apr_strerror
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1463750 13f79535-47bb-0310-9956-ffa450edef68
2013-04-02 21:03:25 +00:00
82d1497a6e Fortify falsely complained that the sprintf() result was unbounded.
We may as well use apr_snprintf() though, as well as comment on the
available space for "::\0" (for people like me).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@987498 13f79535-47bb-0310-9956-ffa450edef68
2010-08-20 13:16:24 +00:00
5debe7ffdd Actually use the whole buffer for reading.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@826528 13f79535-47bb-0310-9956-ffa450edef68
2009-10-18 21:34:47 +00:00
a9dbe0df7d Fix some more overflows spotted by Ruediger Pluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@826520 13f79535-47bb-0310-9956-ffa450edef68
2009-10-18 20:39:05 +00:00
cc12e39928 detab
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@826507 13f79535-47bb-0310-9956-ffa450edef68
2009-10-18 19:38:03 +00:00
cb80694fcc htdigest: Fix possible overflow in command line processing. htdigest is not
supposed to be suid safe, therefore not treated as a security issue.

CVE-2005-1344
Submitted by: Adam Conrad
Reviewed by: Stefan Fritsch


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@826506 13f79535-47bb-0310-9956-ffa450edef68
2009-10-18 19:35:42 +00:00
de659cbed0 update license header text
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@420983 13f79535-47bb-0310-9956-ffa450edef68
2006-07-11 20:33:53 +00:00
dd95d7c37c Update the copyright year in all .c, .h and .xml files
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@395228 13f79535-47bb-0310-9956-ffa450edef68
2006-04-19 12:11:27 +00:00
5061d9fa92 No functional Change: Removing trailing whitespace. This also
means that "blank" lines consisting of just spaces or
tabs are now really blank lines


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@332306 13f79535-47bb-0310-9956-ffa450edef68
2005-11-10 15:11:44 +00:00
1f76f2acee * support/htdigest.c (main): Fix permissions of created files.
PR: 33765


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@155681 13f79535-47bb-0310-9956-ffa450edef68
2005-02-28 14:28:08 +00:00
905cdf9f0b Update copyright year to 2005 and standardize on current copyright owner line.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151408 13f79535-47bb-0310-9956-ffa450edef68
2005-02-04 20:28:49 +00:00
a22426c699 Use standardized names for ISO-8859-1, see http://www.iana.org/assignments/character-sets
(Using the name iso8859-1 may still work, because it is aliased in apr-iconv/ccs/charset.aliases)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104078 13f79535-47bb-0310-9956-ffa450edef68
2004-06-29 13:33:24 +00:00
3574543174 Remove the OMIT_DELONCLOSE #ifdef since this should happen automatically with the apr_temp_dir_get() function.
Submitted by: Guenter Knauf <eflash@gmx.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103007 13f79535-47bb-0310-9956-ffa450edef68
2004-03-17 01:17:26 +00:00
3bbfe194f2 Replace calls to fprintf() with apr_file_printf()
submitted by: Guenter Knauf <eflash@gmx.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103004 13f79535-47bb-0310-9956-ffa450edef68
2004-03-17 00:18:47 +00:00
c591775efc Replace tabs with spaces
Submitted by: Guenter Knauf <eflash@gmx.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103003 13f79535-47bb-0310-9956-ffa450edef68
2004-03-17 00:17:21 +00:00
140a0683fd Remove the dependence on external cp/copy commands
Submitted by: Guenter Knauf <eflash@gmx.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103002 13f79535-47bb-0310-9956-ffa450edef68
2004-03-17 00:15:12 +00:00
5095c3880c Use apr_temp_dir_get() to get the temporary directory
Submitted by: Guenter Knauf <eflash@gmx.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102998 13f79535-47bb-0310-9956-ffa450edef68
2004-03-17 00:04:35 +00:00
eeb57c17ad fix name of The Apache Software Foundation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102619 13f79535-47bb-0310-9956-ffa450edef68
2004-02-09 20:40:53 +00:00
c0dcb76491 fix copyright dates according to the first check in
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102592 13f79535-47bb-0310-9956-ffa450edef68
2004-02-08 14:14:53 +00:00
4f02cb1e18 apply Apache License, Version 2.0
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102525 13f79535-47bb-0310-9956-ffa450edef68
2004-02-06 22:58:42 +00:00
fb07607180 update license to 2004.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102135 13f79535-47bb-0310-9956-ffa450edef68
2004-01-01 13:26:26 +00:00
6a917afcdb Forward port a fix for a pair of potential buffer overflows in htdigest from 1.3
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99680 13f79535-47bb-0310-9956-ffa450edef68
2003-05-01 13:45:38 +00:00
66835a2f53 Restore the ability of htdigest.exe to create files that contain
more than one user. On win32 we cannot system("copy") a file, while
it's open.

PR: PR 12910


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98893 13f79535-47bb-0310-9956-ffa450edef68
2003-03-05 16:37:00 +00:00
742af25096 finished that boring job:
update license to 2003.

Happy New Year! ;-))


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98573 13f79535-47bb-0310-9956-ffa450edef68
2003-02-03 17:53:28 +00:00
d982829aa1 Continue the Bill Rowe apr_size_t crusade.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95993 13f79535-47bb-0310-9956-ffa450edef68
2002-07-10 06:01:14 +00:00
0f0550b08c avoid colliding with getline() as defined by glibc
(it breaks if you need to turn on _GNU_SOURCE)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95035 13f79535-47bb-0310-9956-ffa450edef68
2002-05-10 18:20:29 +00:00
01ba81a1f4 Correct const'ness of argv in all support apps, and use the new
apr_app_initialize over apr_initialize for win32, and other platforms
  that may wish to tweak 'apr-ized' application support (e.g. Netware?)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94633 13f79535-47bb-0310-9956-ffa450edef68
2002-04-13 19:35:18 +00:00
845cbfd508 Update our copyright for this year.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93918 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 20:48:07 +00:00
00053faa90 Updates to allow the utilities to run on NetWare
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92919 13f79535-47bb-0310-9956-ffa450edef68
2002-01-18 23:28:20 +00:00
a14a4f5b66 Add the ability to pass flags to both apr_file_open and apr_mktemp.
The reason for this, is that it is very possible to want a temp
file that isn't deleted when the file is closed. It also makes sense
to have the flags in the apr_file_t if possible.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92766 13f79535-47bb-0310-9956-ffa450edef68
2002-01-08 06:26:10 +00:00
3e1155b115 Switch from tmpnam() to apr_file_mktemp() so that gcc with a recent glibc
will shut the hell up about tmpnam() being unsafe.  htpasswd.c needs a
similar treatment, but it won't be _quite_ as easy since htpasswd has not
been completely apr-ized yet.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91222 13f79535-47bb-0310-9956-ffa450edef68
2001-10-01 19:19:45 +00:00
6f7f33a511 Silence gcc warning about rv being used when possibly uninitialized. That
can only happen if n<=1 (ie, a bad parameter value), so I figure APR_EINVAL
is the correct default value.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89333 13f79535-47bb-0310-9956-ffa450edef68
2001-06-11 14:46:30 +00:00
9f0a1da97a Fix look in htdigest. Reimplemented getline to work properly with
APR. Should consider adding apr_file_getline() to APR.  Should also consider
changing apr_file_getc() to return characters rather than apr_status.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89331 13f79535-47bb-0310-9956-ffa450edef68
2001-06-10 21:01:57 +00:00
f9046d9b7b get rid of a warning for missing strXXX prototype. (I only saw this
on RH 7.1.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89188 13f79535-47bb-0310-9956-ffa450edef68
2001-05-21 19:17:20 +00:00
381f88d56a Update copyright to 2001
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88184 13f79535-47bb-0310-9956-ffa450edef68
2001-02-16 04:26:53 +00:00
e7e115c624 *) include "apr_signal.h" when needed
*) some other minor include tweaks


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88081 13f79535-47bb-0310-9956-ffa450edef68
2001-02-11 01:08:24 +00:00
88d3406f9a renaming various functions for consistency sake
see: http://apr.apache.org/~dougm/apr_rename.pl
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88019 13f79535-47bb-0310-9956-ffa450edef68
2001-02-08 07:45:33 +00:00
cbf6e71e06 When is a void fn(void) not a void fn(void)? It's a win32'ism, since
the APR_DECLARE (excluding _NONSTD) uses the pascal convention.  Really
  irrelevant in a function that never needs to clean up (atexit), but
  the compiler complains.  Possible workarounds, but that would break
  non-c language code from linking into apr.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87726 13f79535-47bb-0310-9956-ffa450edef68
2001-01-18 23:54:14 +00:00
37d7b23e1e get rid of a bogus use of perror()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87623 13f79535-47bb-0310-9956-ffa450edef68
2001-01-09 04:09:43 +00:00
c2239e78bd All the supports now build on APR (+APRUTIL), no reliance on httpd.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87501 13f79535-47bb-0310-9956-ffa450edef68
2000-12-21 21:00:45 +00:00
351725e726 Switch to the APR-provided APR_CHARSET_EBCDIC feature test macro.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87460 13f79535-47bb-0310-9956-ffa450edef68
2000-12-20 16:44:01 +00:00
b5440c348a Force all Apache functions to be linked into the executable, whether they
are used or not.  This uses the same mechanism that is used for APR
and APR-util.  This may not be the correct solution, but it works, and that
is what I really care about.  This also renames CHARSET_EBCDIC to
AP_CHARSET_EBCDIC.  This is for namespace correctness, but it also makes
the exports script a bit easier.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87424 13f79535-47bb-0310-9956-ffa450edef68
2000-12-19 17:05:48 +00:00
ead2dae94c *) Compensate for recent changes in the APR headers. Specifically, some
files need to specifically include stdio.h, or a particular apr_*.h
   header.

*) Adjust callers of apr_create_process() to deal with the extra "const"

*) Add "const" to args of ap_os_create_privileged_process()


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87080 13f79535-47bb-0310-9956-ffa450edef68
2000-11-26 04:47:43 +00:00
718ef1c880 ensure that all cpp directives start with a # in column one
PR: 6742


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86745 13f79535-47bb-0310-9956-ffa450edef68
2000-10-25 15:03:03 +00:00
f7ec9ddb5b A few more (last?) ap_xlate->apr_xlate changes covering stuff not completely
handled in the big apr rename last week.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86020 13f79535-47bb-0310-9956-ffa450edef68
2000-08-07 20:11:37 +00:00
99cf606197 Fix some problems with the apr conversion so that APACHE_XLATE builds work
again.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86018 13f79535-47bb-0310-9956-ffa450edef68
2000-08-07 19:26:02 +00:00