github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-16 01:22:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix invalid storage reference by apr_psprintf() when creating a string from salt[]. salt[] is not '\0'-terminated, so apr_psprintf() needs to be told the extent of the bytes to read.

Browse Source 
It is easy to test old/new code standalone with valgrind;
jst insert the getkey() function into this template:

-----------getkey() goes here-----------------

int main(void)
{
    apr_pool_t *p;

    apr_initialize();
    apr_pool_create(&p, NULL);

    printf("%s\n", getkey(p));
    return 0;
}
This commit is contained in:
Jeff Trawick
2013-12-05 18:54:42 -05:00
committed by Felipe Zimmerle
parent a9a39255b9
commit 1ed95ad932
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apache2/msc_crypt.c
View File

@@ -152,14 +152,14 @@ char *getkey(apr_pool_t *mp) {
char salt[64];
apr_generate_random_bytes(salt, sizeof(salt));
key = apr_psprintf(mp,"%s",salt);
key = apr_psprintf(mp,"%.*s",(int)sizeof(salt),salt);
apr_sha1_init (&ctx);
apr_sha1_update (&ctx, (const char*)key, strlen(key));
apr_sha1_update (&ctx, "\0", 1);
apr_generate_random_bytes(salt, sizeof(salt));
value = apr_psprintf(mp,"%s",salt);
value = apr_psprintf(mp,"%.*s",(int)sizeof(salt),salt);
apr_sha1_update (&ctx, value, strlen (value));
apr_sha1_final (digest, &ctx);