[mod_secdownload] fix buffer overflow in secdl_verify_mac (reported b…

…y Fortify Open Review Project) Impact is probably low on most platforms, as it will probably overwrite one byte of "HASH HA1" which isn't used afterwards anymore. Reference: Fortify Open Review Project - lighttpd 1.4.39 ID 22708159 - Buffer Overflow: Off-by-One From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9
bigtrak · Mar 13, 2016 · 2a8f73e · 2a8f73e
1 parent a6477d8
commit 2a8f73e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/NEWS b/NEWS
@@ -25,6 +25,7 @@ NEWS
   * [mod_cgi] kill CGI if fail to write request body
   * [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
   * [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
+  * [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
 
 - 1.4.39 - 2016-01-02
   * [core] fix memset_s call (fixes #2698)

diff --git a/src/mod_secdownload.c b/src/mod_secdownload.c
@@ -153,7 +153,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
 		{
 			li_MD5_CTX Md5Ctx;
 			HASH HA1;
-			char hexmd5[32];
+			char hexmd5[33];
 			const char *ts_str;
 			const char *rel_uri;