httpd with auth
Natanael Copa
natanael.copa at gmail.com
Tue Sep 25 02:08:49 PDT 2007
On Tue, 2007-09-25 at 10:07 +0300, Kim B. Heino wrote:
> Hello,
>
> Attached patch fixes httpd's authentication config parser in BusyBox
> 1.7.1. With gcc/glibc the original code is the same as
> "sprintf(p0,":%s",c);".
candidate for fixes-1.7.1?
Without studying the entire source, it looks like its not checking the
length of the string. There is not a potensial buffer overflow here
right?
-nc
More information about the busybox
mailing list