|
Bugtraq
mailing list archives
Re: Vulnerability in NCSA HTTPD 1.3
From: roessler () sobolev cologne de (Thomas Roessler)
Date: Wed, 15 Feb 1995 00:42:03 +0100 (MET)
Paul 'Shag' Walmsley wrote:
As Thomas implied, this particular problem can probably be fixed by
changing line 161 of util.c from
char tmp[MAX_STRING_LEN];
to
char tmp[HUGE_STRING_LEN];
in NCSA's source. We're running with the HUGE_STRING_LEN tmp now with no
(immediately apparent) bad side-effects (other than Thomas' hack not working
any more ;)
Sounds reasonable. But what will happen if the destination parameter of
strsubfirst() is too small to hold the result? No checking is done... I
would suggest to additionally increase all the buffer sizes, except the
number of bytes read from the client. I did so at our institute's server,
and it seems to work fine.
--
Internet: roessler () indi5 iam uni-bonn de
Private email: roessler () sobolev cologne de
 By Date 
By Thread
Current thread:
- For NCSA Http_1.05a, (continued)
Re: Vulnerability in NCSA HTTPD 1.3 Thomas Roessler (Feb 14)
Re: Vulnerability in NCSA HTTPD 1.3 Hannu Martikka (Feb 14)
Re: Vulnerability in NCSA HTTPD 1.3 Edy (Feb 14)
| 
Intro
