slackbuilds_ponce/network/thttpd/patches/additional-input-validation-httpd.c.diff

--- thttpd-2.25b/extras/htpasswd.c.orig	2006-03-31 04:12:42.281317000 +0000
+++ thttpd-2.25b/extras/htpasswd.c	2006-03-31 05:21:37.741632392 +0000
@@ -151,6 +151,7 @@ void interrupted(int signo) {
 int main(int argc, char *argv[]) {
     FILE *tfp,*f;
     char user[MAX_STRING_LEN];
+    char pwfilename[MAX_STRING_LEN];
     char line[MAX_STRING_LEN];
     char l[MAX_STRING_LEN];
     char w[MAX_STRING_LEN];
@@ -168,6 +169,25 @@ int main(int argc, char *argv[]) {
             perror("fopen");
             exit(1);
         }
+        if (strlen(argv[2]) > (sizeof(pwfilename) - 1)) {
+            fprintf(stderr, "%s: filename is too long\n", argv[0]);
+	    exit(1);
+        }
+        if (((strchr(argv[2], ';')) != NULL) || ((strchr(argv[2], '>')) != NULL)) {
+	    fprintf(stderr, "%s: filename contains an illegal character\n",
+		argv[0]);
+	    exit(1);
+        }
+        if (strlen(argv[3]) > (sizeof(user) - 1)) {
+	    fprintf(stderr, "%s: username is too long\n", argv[0],
+		sizeof(user) - 1);
+	    exit(1);
+        }
+        if ((strchr(argv[3], ':')) != NULL) {
+            fprintf(stderr, "%s: username contains an illegal character\n",
+                argv[0]);
+            exit(1);
+        }
         printf("Adding password for %s.\n",argv[3]);
         add_password(argv[3],tfp);
         fclose(tfp);
@@ -180,6 +200,25 @@ int main(int argc, char *argv[]) {
         exit(1);
     }
 
+    if (strlen(argv[1]) > (sizeof(pwfilename) - 1)) {
+        fprintf(stderr, "%s: filename is too long\n", argv[0]);
+        exit(1);
+    }
+    if (((strchr(argv[1], ';')) != NULL) || ((strchr(argv[1], '>')) != NULL)) {
+        fprintf(stderr, "%s: filename contains an illegal character\n",
+                argv[0]);
+        exit(1);
+    }
+    if (strlen(argv[2]) > (sizeof(user) - 1)) {
+        fprintf(stderr, "%s: username is too long\n", argv[0],
+                sizeof(user) - 1);
+        exit(1);
+    }
+    if ((strchr(argv[2], ':')) != NULL) {
+        fprintf(stderr, "%s: username contains an illegal character\n",
+                argv[0]);
+        exit(1);
+    }
     if(!(f = fopen(argv[1],"r"))) {
         fprintf(stderr,
                 "Could not open passwd file %s for reading.\n",argv[1]);