[Mod-security-developers] SecHash buffer overflow #1198
From: <par...@ya...> - 2017-02-16 07:16:10
Hi, I have faced this issue while running regression tests on Windows 2012 R2. Analyzing the code, I found there is a buffer overflow in the msc_crypt.c # hmac() function. I have updated my comments at https://github.com/SpiderLabs/ModSecurity/issues/1198. The following changes will fix the issue.

============================== diff --git a/apache2/msc_crypt.c b/apache2/msc_crypt.c index e7590b6..66a9dc0 100644 --- a/apache2/msc_crypt.c +++ b/apache2/msc_crypt.c @@ -189,7 +189,7 @@ char *hmac(modsec_rec *msr, const char *key, int key_len, unsigned char hmac_ipad[HMAC_PAD_SIZE], hmac_opad[HMAC_PAD_SIZE]; unsigned char nkey[APR_SHA1_DIGESTSIZE]; unsigned char *hmac_key = (unsigned char *) key; - char hex_digest[APR_SHA1_DIGESTSIZE * 2], *hmac_digest; + char hex_digest[APR_SHA1_DIGESTSIZE * 2 + 1], *hmac_digest; const char hex[] = "0123456789abcdef"; int i; ==============================

Thanks and Regards,
Partha
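
Review bot: The `+ 1` in the `hex_digest` declaration is unexplained, and the hunk does not include the write in `hmac()` that runs past the old `APR_SHA1_DIGESTSIZE * 2` bytes, so the visible lines alone cannot confirm that one extra byte is enough. Please add a short comment on the declaration stating what the extra byte holds (for example, the terminator after the hex characters), and quote or reference the line that stores to index `APR_SHA1_DIGESTSIZE * 2` in the patch description. A named constant for the hex length, used in both the declaration and the encoding loop, would keep the buffer size and the loop bound from drifting apart again.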