On Mon, 13 Feb 1995, Thomas Lopatic wrote: > Hello there, > > we've installed the NCSA HTTPD 1.3 on our WWW server (HP9000/720, HP-UX 9.01) > and I've found, that it can be tricked into executing shell commands. ... > /* The problem is that the array 'tmp' in the function 'strsubfirst()' */ > /* has a length of MAX_STRING_LEN. However, the function can be passed */ > /* arguments with up to HUGE_STRING_LEN characters. */ As Thomas implied, this particular problem can probably be fixed by changing line 161 of util.c from char tmp[MAX_STRING_LEN]; to char tmp[HUGE_STRING_LEN]; in NCSA's source. We're running with the HUGE_STRING_LEN tmp now with no (immediately apparent) bad side-effects (other than Thomas' hack not working any more ;) > -- > Thomas Lopatic lopatic@informatik.uni-muenchen.de > - Paul "Shag" Walmsley <ccshag@cclabs.missouri.edu> "I'll drink a toast to bold evolution any day!"