Fix the hex digit size for SHA1 on msc_crypt implementation

Felipe Zimmerle · Felipe Zimmerle · commit 6f49bad74820 · 2017-05-22T18:48:20.000-03:00
Fix #1354
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,8 @@
 DD MMM YYYY - 2.9.2 - To be released
 ------------------------------------
 
+ * Fix the hex digit size for SHA1 on msc_crypt implementation.
+   [Issue #1354 - @zimmerle and @parthasarathi204]
  * Avoid to flush xml buffer while assembling the injected html.
    [Issue #742 - @zimmerle]
  * Avoid additional operator invokation if last transform of a multimatch
diff --git a/apache2/msc_crypt.c b/apache2/msc_crypt.c
@@ -189,7 +189,7 @@ char *hmac(modsec_rec *msr, const char *key, int key_len,
     unsigned char hmac_ipad[HMAC_PAD_SIZE], hmac_opad[HMAC_PAD_SIZE];
     unsigned char nkey[APR_SHA1_DIGESTSIZE];
     unsigned char *hmac_key = (unsigned char *) key;
-    char hex_digest[APR_SHA1_DIGESTSIZE * 2], *hmac_digest;
+    char hex_digest[APR_SHA1_DIGESTSIZE * 2 + 1], *hmac_digest;
     const char hex[] = "0123456789abcdef";
     int i;
 
