github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix the hex digit size for SHA1 on msc_crypt implementation

Browse Source 
Fix #1354
This commit is contained in:
Felipe Zimmerle 2017-05-22 18:46:07 -03:00
parent a249574692
commit 6f49bad748
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
DD MMM YYYY - 2.9.2 - To be released
------------------------------------
* Fix the hex digit size for SHA1 on msc_crypt implementation.
[Issue #1354 - @zimmerle and @parthasarathi204]
* Avoid to flush xml buffer while assembling the injected html.
[Issue #742 - @zimmerle]
* Avoid additional operator invokation if last transform of a multimatch

2
apache2/msc_crypt.c
View File

@ -189,7 +189,7 @@ char *hmac(modsec_rec *msr, const char *key, int key_len,
unsigned char hmac_ipad[HMAC_PAD_SIZE], hmac_opad[HMAC_PAD_SIZE];
unsigned char nkey[APR_SHA1_DIGESTSIZE];
unsigned char *hmac_key = (unsigned char *) key;
char hex_digest[APR_SHA1_DIGESTSIZE * 2], *hmac_digest;
char hex_digest[APR_SHA1_DIGESTSIZE * 2 + 1], *hmac_digest;
const char hex[] = "0123456789abcdef";
int i;