From 1ed95ad93234579a44170b4473e4d0d67eaa82dd Mon Sep 17 00:00:00 2001
From: Jeff Trawick
Date: Thu, 5 Dec 2013 18:54:42 -0500
Subject: [PATCH] Fix invalid storage reference by apr_psprintf() when creating a string from salt[].
salt[] is not '\0'-terminated, so apr_psprintf() needs to be told the extent of the bytes to read.
It is easy to test old/new code standalone with valgrind; jst insert the getkey() function into this template:
-----------getkey() goes here-----------------
int main(void) { apr_pool_t *p; apr_initialize(); apr_pool_create(&p, NULL); printf("%s\n", getkey(p)); return 0; }
---
 apache2/msc_crypt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/apache2/msc_crypt.c b/apache2/msc_crypt.c
index e059b751..e7590b66 100644
--- a/apache2/msc_crypt.c
+++ b/apache2/msc_crypt.c
@@ -152,14 +152,14 @@ char *getkey(apr_pool_t *mp) {
 char salt[64];
 apr_generate_random_bytes(salt, sizeof(salt));
- key = apr_psprintf(mp,"%s",salt);
+ key = apr_psprintf(mp,"%.*s",(int)sizeof(salt),salt);
 apr_sha1_init (&ctx);
 apr_sha1_update (&ctx, (const char*)key, strlen(key));
 apr_sha1_update (&ctx, "\0", 1);
 apr_generate_random_bytes(salt, sizeof(salt));
- value = apr_psprintf(mp,"%s",salt);
+ value = apr_psprintf(mp,"%.*s",(int)sizeof(salt),salt);
 apr_sha1_update (&ctx, value, strlen (value));
 apr_sha1_final (digest, &ctx);
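Review bot: The `%.*s` precision stops the read past the end of `salt[]`, but both `apr_psprintf()` calls still stop copying at the first zero byte in the random data, so `strlen(key)` and `strlen(value)` hash a variable-length prefix (an empty string whenever the first byte is 0) rather than all 64 bytes. If `key` and `value` are not needed as strings elsewhere in getkey(), whose body starts and ends outside this hunk, the raw buffer could be fed to the hash directly with `apr_sha1_update_binary(&ctx, (const unsigned char *)salt, sizeof(salt));`. The return value of `apr_generate_random_bytes()` is also ignored at both call sites. On failure `salt[]` would be uninitialised stack memory, so the result should be compared with `APR_SUCCESS` before the bytes are used.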