Bugtraq archives for 1st quarter (Jan-Mar) 1995: Re: Vulnerability in NCSA HTTPD 1.3

Re: Vulnerability in NCSA HTTPD 1.3

Thomas Roessler (roesslersobolev.cologne.de)
Wed, 15 Feb 1995 00:42:03 +0100 (MET)

Paul 'Shag' Walmsley wrote:
>  As Thomas implied, this particular problem can probably be fixed by
>  changing line 161 of util.c from
>  
>  	char tmp[MAX_STRING_LEN];
>  to
>  	char tmp[HUGE_STRING_LEN];
>  
>  in NCSA's source.  We're running with the HUGE_STRING_LEN tmp now with no 
>  (immediately apparent) bad side-effects (other than Thomas' hack not working 
>  any more ;)


Sounds reasonable. But what will happen if the destination parameter of
strsubfirst() is too small to hold the result? No checking is done... I
would suggest additionally increasing all the buffer sizes, except the
number of bytes read from the client. I did so at our institute's server,
and it seems to work fine.


-- 
Internet:   roesslerindi5.iam.uni-bonn.de
Private email: roesslersobolev.cologne.de