diff --git a/CHANGES b/CHANGES index a1e040e..4e2cab1 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,7 @@ Release 8.9-dev * your patch? :) * Fixed svn module memory leaks * Fixed rtsp module potential buffer overflow +* Fixed http module DIGEST-MD5 mode * Added memcached module * Added mongodb module diff --git a/hydra-http.c b/hydra-http.c index db9b500..8b19b28 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -13,7 +13,7 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha char *login, *pass, *buffer, buffer2[500]; char *header; char *ptr, *fooptr; - int32_t complete_line = 0; + int32_t complete_line = 0, buffer_size; char tmpreplybuf[1024] = "", *tmpreplybufptr; if (strlen(login = hydra_get_next_login()) == 0) @@ -26,7 +26,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha header = stringify_headers(&ptr_head); - if(!(buffer = malloc(strlen(header) + 500))) { + buffer_size = strlen(header) + 500; + if(!(buffer = malloc(buffer_size))) { free(header); return 3; } @@ -63,8 +64,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha char *pbuffer; pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); - strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); - buffer[sizeof(buffer) - 1] = '\0'; + strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1); + buffer[buffer_size - 1] = '\0'; fooptr = buffer2; sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); diff --git a/hydra.c b/hydra.c index abd773c..0f9de0d 100644 --- a/hydra.c +++ b/hydra.c @@ -4009,8 +4009,8 @@ int main(int argc, char *argv[]) { error += j; k = 0; - for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active == HEAD_ACTIVE) + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active == HEAD_ACTIVE) k++; if (error == 0 && k == 0) {