projects / packages / apache1-mod_ntlm.git / blame
| Commit | Line | Data |
|---|---|---|
| 419a4f4f JB |
1 | Fixes vulnerabilities in log() and flog() functions: |
| 2 | heap overflows (BugTraqID 7388) | |
| 3 | format strings (BugTraqID 7393) | |
| 4 | insecure file access in /tmp | |
| 5 | diff -Nur mod_ntlm-0.4.orig/mod_ntlm.c mod_ntlm-0.4/mod_ntlm.c | |
| 6 | --- mod_ntlm-0.4.orig/mod_ntlm.c 2003-02-21 02:55:13.000000000 +0100 | |
| 7 | +++ mod_ntlm-0.4/mod_ntlm.c 2003-10-25 23:03:34.470322328 +0200 | |
| 8 | @@ -48,9 +48,9 @@ | |
| 9 | if ((s = (char *) malloc(2048)) == NULL) | |
| 10 | return; | |
| 11 | va_start(ap, format); | |
| 12 | - vsprintf(s, format, ap); | |
| 13 | + vsnprintf(s, 2048, format, ap); | |
| 14 | va_end(ap); | |
| 15 | - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_NOTICE, r, s); | |
| 16 | + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_NOTICE, r, "%s", s); | |
| 17 | free(s); | |
| 18 | } | |
| 19 | static void | |
| 20 | @@ -63,9 +63,9 @@ | |
| 21 | if ((s = (char *) malloc(2048)) == NULL) | |
| 22 | return; | |
| 23 | va_start(ap, format); | |
| 24 | - vsprintf(s, format, ap); | |
| 25 | + vsnprintf(s, 2048, format, ap); | |
| 26 | va_end(ap); | |
| 27 | - if ((f = fopen("/tmp/mod_ntlm.log", "a")) != NULL) { | |
| 28 | + if ((f = fopen("/var/log/mod_ntlm.log", "a")) != NULL) { | |
| 29 | fputs(s, f); | |
| 30 | fputs("\n", f); | |
| 31 | fclose(f); |