Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid buffer overflow in case of writing escaped characters inside mod_authn_rega #556

merged 1 commit into from Feb 18, 2019


None yet
3 participants
Copy link

alexreinert commented Feb 18, 2019

The for loop checks, that a single character fits inside the buffer. But in case of character escaping there will be added two characters inside the loop so that the buffer could be exceed by one.


This comment has been minimized.

Copy link

jens-maus commented Feb 18, 2019

Thanks for this fix! This is greatly appreciated.

@jens-maus jens-maus merged commit 0546d5a into jens-maus:master Feb 18, 2019

@alexreinert alexreinert deleted the alexreinert:mod_authn_rega_buffer_overflow branch Feb 18, 2019

@@ -93,7 +93,7 @@ int checkAuth(int port, const char* user, const char* pass) {

int m = 0;
for(int i = 0 ; i < lengthUser && m <= 1023; i++) {
for(int i = 0 ; i < lengthUser && m <= 1022; i++) {

This comment has been minimized.


hobbyquaker Feb 23, 2019


korrigier mich wenn ich mich täusche - aber wenn man mehrere \ oder : einfügt kann man doch immer noch ein overflow provozieren? Müsste man das hier nicht mit m <= 511 begrenzen oder die länge nach dem escapen in der schleife prüfen? oh. alles gut :-)


This comment has been minimized.

Copy link
Contributor Author

alexreinert commented Feb 23, 2019

Nein, es wird bei jedem Schleifendurchlauf geprüft ob mind. zwei Zeichen in den Buffer passen und es werden max. 2 Zeichen eingefügt.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.