Bugtraq mailing list archives

Re: Vulnerability in NCSA HTTPD 1.3

From: roessler () sobolev cologne de (Thomas Roessler)
Date: Wed, 15 Feb 1995 00:42:03 +0100 (MET)


Paul 'Shag' Walmsley wrote:

 As Thomas implied, this particular problem can probably be fixed by
 changing line 161 of util.c from
 
      char tmp[MAX_STRING_LEN];
 to
      char tmp[HUGE_STRING_LEN];
 
 in NCSA's source.  We're running with the HUGE_STRING_LEN tmp now with no 
 (immediately apparent) bad side-effects (other than Thomas' hack not working 
 any more ;)



Sounds reasonable. But what will happen if the destination parameter of
strsubfirst() is too small to hold the result? No checking is done... I
would suggest to additionally increase all the buffer sizes, except the
number of bytes read from the client. I did so at our institute's server,
and it seems to work fine.


-- 
Internet:   roessler () indi5 iam uni-bonn de
Private email: roessler () sobolev cologne de

Current thread:

Re: Vulnerability in NCSA HTTPD 1.3, (continued)
- - - Re: Vulnerability in NCSA HTTPD 1.3 Christopher Davis (Feb 16)
  - Fixing the NCSA HTTPD 1.3 Thomas Lopatic (Feb 14)
    - Re: Fixing the NCSA HTTPD 1.3 Paul 'Shag' Walmsley (Feb 15)
    - Re: Fixing the NCSA HTTPD 1.3 Rens Troost (Feb 15)
    - Re: Fixing the NCSA HTTPD 1.3 Paul 'Shag' Walmsley (Feb 15)
    - For NCSA Http_1.05a Everett F Batey WA6CRE (Feb 15)
  - Sendmail 8.6.9 Nathan Lawson (Feb 14)
    - Re: Sendmail 8.6.9 Perry E. Metzger (Feb 14)
    - Re: Sendmail 8.6.9 Tom Fitzgerald (Feb 14)
    - Re: Sendmail 8.6.9 Perry E. Metzger (Feb 15)
  - Re: Vulnerability in NCSA HTTPD 1.3 Thomas Roessler (Feb 14)
  - Re: Vulnerability in NCSA HTTPD 1.3 Hannu Martikka (Feb 14)
- Re: Vulnerability in NCSA HTTPD 1.3 Edy (Feb 14)