1 Fixes vulnerabilities in log() and flog() functions:
2 heap overflows (BugTraqID 7388)
3 format strings (BugTraqID 7393)
4 insecure file access in /tmp
5 diff -Nur mod_ntlm-0.4.orig/mod_ntlm.c mod_ntlm-0.4/mod_ntlm.c
6 --- mod_ntlm-0.4.orig/mod_ntlm.c 2003-02-21 02:55:13.000000000 +0100
7 +++ mod_ntlm-0.4/mod_ntlm.c 2003-10-25 23:03:34.470322328 +0200
9 if ((s = (char *) malloc(2048)) == NULL)
12 - vsprintf(s, format, ap);
13 + vsnprintf(s, 2048, format, ap);
15 - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_NOTICE, r, s);
16 + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_NOTICE, r, "%s", s);
21 if ((s = (char *) malloc(2048)) == NULL)
24 - vsprintf(s, format, ap);
25 + vsnprintf(s, 2048, format, ap);
27 - if ((f = fopen("/tmp/mod_ntlm.log", "a")) != NULL) {
28 + if ((f = fopen("/var/log/mod_ntlm.log", "a")) != NULL) {