From fa6e94cba9084e322edcbf99090808f46a30bb81 Mon Sep 17 00:00:00 2001
From: AngelCarpintero
Date: Tue, 10 Jun 2008 23:19:31 +0000
Subject: [PATCH] Fix a security issue in web control interface and update CHANGELOG & CREDITS from 3.2.10.1

---
CHANGELOG | 5 +++++
CREDITS | 1 +
webhttpd.c | 8 ++++----
3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index cd1b3f1c..3113ab90 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -9,6 +9,11 @@ Features
 Bugfixes
+3.2.10.1 Summary of Changes
+
+Bugfixes
+ * Fix a security issue in web control interface http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572
+ (Angel Carpintero)
 3.2.10 Summary of Changes
diff --git a/CREDITS b/CREDITS
index cad1ff5b..8bccb189 100644
--- a/CREDITS
+++ b/CREDITS
@@ -397,6 +397,7 @@ Angel Carpintero
 * Added to configure.in --with-pwcbsd to allow compile motion in freebsd with webcam support instead of bktr.
 * IPV6 for http-control and webcam stream not netcam yet http://www.lavrsen.dk/twiki/bin/view/Motion/IPv6 (Jeroen Massar & Angel Carpintero)
+ * Fix a security issue in web control interface http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572
 Jared D
 * Change bayer2rgb24() to fix a problem with sn9c102 driver
diff --git a/webhttpd.c b/webhttpd.c
index 8f563f56..02c7d2c7 100644
--- a/webhttpd.c
+++ b/webhttpd.c
@@ -2147,14 +2147,14 @@ static unsigned short int read_client(int client_socket, void *userdata, char *a
 return 1;
 } else {
- char method[20];
- char url[512];
- char protocol[20];
+ char method[10]={'\0'};
+ char url[512]={'\0'};
+ char protocol[10]={'\0'};
 char *authentication=NULL;
 buffer[nread] = '\0';
- warningkill = sscanf(buffer, "%s %s %s", method, url, protocol);
+ warningkill = sscanf(buffer, "%9s %511s %9s", method, url, protocol);
 while ((strstr(buffer, "\r\n\r\n") == NULL) && (readb!=0) && (nread < length)) {
 readb = read(client_socket, buffer+nread, sizeof (buffer) - nread);