Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
A Warren Pratten wrote -
> -> Until official patches are available from NCSA, CIAC recommends the following
> -> temporary fix be installed. In the file httpd.h, change the string length
> -> definitions from:
> ->
> -> /* The default string lengths */
> -> #define MAX_STRING_LEN 256
> -> #define HUGE_STRING_LEN 8192
> ->
> -> to:
> ->
> -> /* The default string lengths */
> -> #define HUGE_STRING_LEN 8192
> -> #define MAX_STRING_LEN HUGE_STRING_LEN
> ->
> -> Then rebuild, install, and restart the new httpd server.
>
> This is a pathetic fix. Sure it will solve the problem for a short time until
> a clever hacker realises that all he/she has to do is overflow a larger
> buffer.
The quick fix that I applied is as follows:
*** util.c.SECURITY_BUG Sat May 7 22:47:15 1994
--- util.c Tue Feb 14 03:54:27 1995
***************
*** 160,166 ****
{
char tmp[MAX_STRING_LEN];
! strcpy(tmp,&dest[start]);
strcpy(dest,src);
strcpy(&dest[strlen(src)],tmp);
}
--- 160,168 ----
{
char tmp[MAX_STRING_LEN];
! /* strcpy(tmp,&dest[start]); */ /* MJM - ARL: security bug */
! strncpy(tmp,&dest[start], sizeof(tmp)-1);
! tmp[MAX_STRING_LEN-1] = '\0'; /* MJM - ARL */
strcpy(dest,src);
strcpy(&dest[strlen(src)],tmp);
}
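Review bot: the two strcpy calls left unchanged at the end of the new hunk, strcpy(dest,src); and strcpy(&dest[strlen(src)],tmp);, still write into dest with no length check, so bounding the copy into tmp covers only one of the three copies. Nothing visible in the hunk tells the function how large dest is; I would pass the destination size in and reject the call when strlen(src) plus the saved tail plus the terminator does not fit. The strncpy also cuts the tail off silently at MAX_STRING_LEN-1 bytes, so the caller gets a shortened string with no indication; returning an error there would be safer than truncating. Minor: the bound is written as sizeof(tmp)-1 on one line and MAX_STRING_LEN-1 on the next; use sizeof(tmp) in both places so they cannot drift apart.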
Best,
-Mike