1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Author: Christian Grothoff <christian@grothoff.org>
Description: A stack overflow flaw was found in the MHD_digest_auth_check()
function in libmicrohttpd. If MHD_OPTION_CONNECTION_MEMORY_LIMIT was
configured to allow large allocations, a remote attacker could possibly use
this flaw to cause an application using libmicrohttpd to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application.
Origin: upstream, commit: 30983
--- a/src/daemon/digestauth.c
+++ b/src/daemon/digestauth.c
@@ -608,7 +608,17 @@
header, "nonce")))
return MHD_NO;
left -= strlen ("nonce") + len;
-
+ if (left > 32 * 1024)
+ {
+ /* we do not permit URIs longer than 32k, as we want to
+ make sure to not blow our stack (or per-connection
+ heap memory limit). Besides, 32k is already insanely
+ large, but of course in theory the
+ #MHD_OPTION_CONNECTION_MEMORY_LIMIT might be very large
+ and would thus permit sending a >32k authorization
+ header value. */
+ return MHD_NO;
+ }
{
char uri[left];
|
