httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@hyperreal.com>
Subject cvs commit: apache/src/modules/proxy proxy_cache.c proxy_ftp.c proxy_http.c proxy_util.c
Date Mon, 20 Jan 1997 04:28:37 GMT
jim         97/01/19 20:28:35

  Modified:    src       CHANGES buff.c http_config.c http_core.c
                        http_main.c  http_protocol.c http_request.c
                        mod_auth.c mod_auth_anon.c  mod_auth_db.c
                        mod_auth_dbm.c mod_auth_msql.c mod_cgi.c 
                        mod_digest.c mod_expires.c mod_imap.c mod_include.c
                        mod_info.c  mod_log_agent.c mod_log_config.c
                        mod_negotiation.c  mod_rewrite.c mod_rewrite.h
                        mod_usertrack.c rfc1413.c util.c  util_script.c
               src/modules/proxy  proxy_cache.c proxy_ftp.c proxy_http.c
                        proxy_util.c
  Log:
  Change from sprintf() to snprintf() to avoid
  and possible prevent buffer overflows
  
  Revision  Changes    Path
  1.126     +4 -0      apache/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache/src/CHANGES,v
  retrieving revision 1.125
  retrieving revision 1.126
  diff -C3 -r1.125 -r1.126
  *** CHANGES	1997/01/20 00:12:33	1.125
  --- CHANGES	1997/01/20 04:28:07	1.126
  ***************
  *** 1,5 ****
  --- 1,9 ----
    Changes with Apache 1.2b5
    
  +   *) Migration from sprintf() to snprintf() to avoid buffer
  +      overflows. Provide portable snprintf() implementation
  +      (ap_snprintf). [Marc Slemko, jj]
  + 
      *) Remove mod_fastcgi.c from the distribution. This module appears
         to be maintained more through the Open Market channels and should
         continue to be easily available at http://www.fastcgi.com/
  
  
  
  1.14      +1 -1      apache/src/buff.c
  
  Index: buff.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/buff.c,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -C3 -r1.13 -r1.14
  *** buff.c	1997/01/18 19:17:21	1.13
  --- buff.c	1997/01/20 04:28:07	1.14
  ***************
  *** 481,487 ****
        if (fb->flags & B_CHUNK) {
    	char chunksize[16];	/* Big enough for practically anything */
    
  ! 	sprintf(chunksize, "%x\015\012", nbyte);
    	write(fb->fd, chunksize, strlen(chunksize));
        }
        r = write(fb->fd, buf, nbyte);
  --- 481,487 ----
        if (fb->flags & B_CHUNK) {
    	char chunksize[16];	/* Big enough for practically anything */
    
  ! 	ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte);
    	write(fb->fd, chunksize, strlen(chunksize));
        }
        r = write(fb->fd, buf, nbyte);
  
  
  
  1.41      +1 -1      apache/src/http_config.c
  
  Index: http_config.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_config.c,v
  retrieving revision 1.40
  retrieving revision 1.41
  diff -C3 -r1.40 -r1.41
  *** http_config.c	1997/01/04 15:10:15	1.40
  --- http_config.c	1997/01/20 04:28:07	1.41
  ***************
  *** 236,242 ****
        for(n=0 ; aMethods[n].offset >= 0 ; ++n)
    	if(aMethods[n].offset == offset)
    	    break;
  !     sprintf(buf,"%s:%s",modp->name,aMethods[n].method);
        return buf;
        }
    #else
  --- 236,242 ----
        for(n=0 ; aMethods[n].offset >= 0 ; ++n)
    	if(aMethods[n].offset == offset)
    	    break;
  !     ap_snprintf(buf, sizeof(buf), "%s:%s",modp->name,aMethods[n].method);
        return buf;
        }
    #else
  
  
  
  1.58      +2 -1      apache/src/http_core.c
  
  Index: http_core.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_core.c,v
  retrieving revision 1.57
  retrieving revision 1.58
  diff -C3 -r1.57 -r1.58
  *** http_core.c	1997/01/01 18:10:17	1.57
  --- http_core.c	1997/01/20 04:28:08	1.58
  ***************
  *** 884,890 ****
    
    const char *set_server_root (cmd_parms *cmd, void *dummy, char *arg) {
        if (!is_directory (arg)) return "ServerRoot must be a valid directory";
  !     strcpy (server_root, arg);
        return NULL;
    }
    
  --- 884,891 ----
    
    const char *set_server_root (cmd_parms *cmd, void *dummy, char *arg) {
        if (!is_directory (arg)) return "ServerRoot must be a valid directory";
  !     strncpy (server_root, arg, sizeof(server_root)-1);
  !     server_root[sizeof(server_root)-1] = '\0';
        return NULL;
    }
    
  
  
  
  1.108     +20 -14    apache/src/http_main.c
  
  Index: http_main.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_main.c,v
  retrieving revision 1.107
  retrieving revision 1.108
  diff -C3 -r1.107 -r1.108
  *** http_main.c	1997/01/19 17:43:28	1.107
  --- http_main.c	1997/01/20 04:28:08	1.108
  ***************
  *** 193,206 ****
    void
    accept_mutex_init(pool *p)
        {
  !     char lock_fname[30];
    
    #ifdef __MACHTEN__
  !     strcpy(lock_fname, "/var/tmp/htlock.XXXXXX");
    #else
  !     strcpy(lock_fname, "/usr/tmp/htlock.XXXXXX");
    #endif
  !     
        if (mktemp(lock_fname) == NULL || lock_fname[0] == '\0')
        {
    	fprintf (stderr, "Cannot assign name to lock file!\n");
  --- 193,207 ----
    void
    accept_mutex_init(pool *p)
        {
  !     char lock_fname[256];
    
    #ifdef __MACHTEN__
  !     strncpy(lock_fname, "/var/tmp/htlock.XXXXXX", sizeof(lock_fname)-1);
    #else
  !     strncpy(lock_fname, "/usr/tmp/htlock.XXXXXX", sizeof(lock_fname)-1);
    #endif
  !     lock_fname[sizeof(lock_fname)-1] = '\0';
  ! 
        if (mktemp(lock_fname) == NULL || lock_fname[0] == '\0')
        {
    	fprintf (stderr, "Cannot assign name to lock file!\n");
  ***************
  *** 251,259 ****
    void
    accept_mutex_init(pool *p)
    {
  !     char lock_fname[30];
    
  !     strcpy(lock_fname, "/usr/tmp/htlock.XXXXXX");
        
        if (mktemp(lock_fname) == NULL || lock_fname[0] == '\0')
        {
  --- 252,261 ----
    void
    accept_mutex_init(pool *p)
    {
  !     char lock_fname[256];
    
  !     strncpy(lock_fname, "/usr/tmp/htlock.XXXXXX", sizeof(lock_fname)-1);
  !     lock_fname[sizeof(lock_fname)-1] = '\0';
        
        if (mktemp(lock_fname) == NULL || lock_fname[0] == '\0')
        {
  ***************
  *** 411,421 ****
        if (timeout_req != NULL) dirconf = timeout_req->per_dir_config;
        else dirconf = current_conn->server->lookup_defaults;
        if (sig == SIGPIPE) {
  !         sprintf(errstr,"%s lost connection to client %s",
    	    timeout_name ? timeout_name : "request",
    	    get_remote_host(current_conn, dirconf, REMOTE_NAME));
        } else {
  !         sprintf(errstr,"%s timed out for %s",
    	    timeout_name ? timeout_name : "request",
    	    get_remote_host(current_conn, dirconf, REMOTE_NAME));
        }
  --- 413,423 ----
        if (timeout_req != NULL) dirconf = timeout_req->per_dir_config;
        else dirconf = current_conn->server->lookup_defaults;
        if (sig == SIGPIPE) {
  !         ap_snprintf(errstr, sizeof(errstr), "%s lost connection to client %s",
    	    timeout_name ? timeout_name : "request",
    	    get_remote_host(current_conn, dirconf, REMOTE_NAME));
        } else {
  !         ap_snprintf(errstr, sizeof(errstr), "%s timed out for %s",
    	    timeout_name ? timeout_name : "request",
    	    get_remote_host(current_conn, dirconf, REMOTE_NAME));
        }
  ***************
  *** 606,612 ****
    	exit(1);
        }
    
  !     sprintf(errstr, "created shared memory segment #%d", shmid);
        log_error(errstr, server_conf);
    
    #ifdef MOVEBREAK
  --- 608,614 ----
    	exit(1);
        }
    
  !     ap_snprintf(errstr, sizeof(errstr), "created shared memory segment #%d", shmid);
        log_error(errstr, server_conf);
    
    #ifdef MOVEBREAK
  ***************
  *** 658,664 ****
        if (shmctl(shmid, IPC_RMID, NULL) != 0) {
    	perror("shmctl");
    	fprintf(stderr, "httpd: Could not delete segment #%d\n", shmid);
  ! 	sprintf(errstr, "could not remove shared memory segment #%d", shmid);
    	log_unixerr("shmctl","IPC_RMID",errstr, server_conf);
        }
        if (scoreboard_image == BADSHMAT)	/* now bailout */
  --- 660,666 ----
        if (shmctl(shmid, IPC_RMID, NULL) != 0) {
    	perror("shmctl");
    	fprintf(stderr, "httpd: Could not delete segment #%d\n", shmid);
  ! 	ap_snprintf(errstr, sizeof(errstr), "could not remove shared memory segment #%d", shmid);
    	log_unixerr("shmctl","IPC_RMID",errstr, server_conf);
        }
        if (scoreboard_image == BADSHMAT)	/* now bailout */
  ***************
  *** 2020,2035 ****
        ptrans = make_sub_pool(pconf);
    
        server_argv0 = argv[0];
  !     strcpy (server_root, HTTPD_ROOT);
  !     strcpy (server_confname, SERVER_CONFIG_FILE);
    
        while((c = getopt(argc,argv,"Xd:f:vhl")) != -1) {
            switch(c) {
              case 'd':
  !             strcpy (server_root, optarg);
                break;
              case 'f':
  !             strcpy (server_confname, optarg);
                break;
              case 'v':
                printf("Server version %s.\n",SERVER_VERSION);
  --- 2022,2041 ----
        ptrans = make_sub_pool(pconf);
    
        server_argv0 = argv[0];
  !     strncpy (server_root, HTTPD_ROOT, sizeof(server_root)-1);
  !     server_root[sizeof(server_root)-1] = '\0';
  !     strncpy (server_confname, SERVER_CONFIG_FILE, sizeof(server_root)-1);
  !     server_confname[sizeof(server_confname)-1] = '\0';
    
        while((c = getopt(argc,argv,"Xd:f:vhl")) != -1) {
            switch(c) {
              case 'd':
  !             strncpy (server_root, optarg, sizeof(server_root)-1);
  !             server_root[sizeof(server_root)-1] = '\0';
                break;
              case 'f':
  !             strncpy (server_confname, optarg, sizeof(server_confname)-1);
  !             server_confname[sizeof(server_confname)-1] = '\0';
                break;
              case 'v':
                printf("Server version %s.\n",SERVER_VERSION);
  
  
  
  1.91      +17 -14    apache/src/http_protocol.c
  
  Index: http_protocol.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_protocol.c,v
  retrieving revision 1.90
  retrieving revision 1.91
  diff -C3 -r1.90 -r1.91
  *** http_protocol.c	1997/01/12 20:22:17	1.90
  --- http_protocol.c	1997/01/20 04:28:09	1.91
  ***************
  *** 140,150 ****
    
    	r->byterange = 1;
    
  ! 	sprintf(ts, "bytes %ld-%ld/%ld", range_start, range_end,
    		r->clength);
    	table_set(r->headers_out, "Content-Range",
    		  pstrdup(r->pool, ts));
  ! 	sprintf(ts, "%ld", range_end - range_start + 1);
    	table_set(r->headers_out, "Content-Length", ts);
        }
        else {
  --- 140,150 ----
    
    	r->byterange = 1;
    
  ! 	ap_snprintf(ts, sizeof(ts), "bytes %ld-%ld/%ld", range_start, range_end,
    		r->clength);
    	table_set(r->headers_out, "Content-Range",
    		  pstrdup(r->pool, ts));
  ! 	ap_snprintf(ts, sizeof(ts), "%ld", range_end - range_start + 1);
    	table_set(r->headers_out, "Content-Length", ts);
        }
        else {
  ***************
  *** 153,159 ****
    	
    	r->byterange = 2;
    	table_unset(r->headers_out, "Content-Length");
  ! 	sprintf(boundary, "%lx%lx", r->request_time, (long)getpid());
    	r->boundary = pstrdup(r->pool, boundary);
        }
        
  --- 153,159 ----
    	
    	r->byterange = 2;
    	table_unset(r->headers_out, "Content-Length");
  ! 	ap_snprintf(boundary, sizeof(boundary), "%lx%lx", r->request_time, (long)getpid());
    	r->boundary = pstrdup(r->pool, boundary);
        }
        
  ***************
  *** 181,187 ****
    	char *ct = r->content_type ? r->content_type : default_type(r);
    	char ts[MAX_STRING_LEN];
    
  ! 	sprintf(ts, "%ld-%ld/%ld", range_start, range_end, r->clength);
    	rvputs(r, "\015\012--", r->boundary, "\015\012Content-type: ",
    	       ct, "\015\012Content-range: bytes ", ts, "\015\012\015\012",
    	       NULL);
  --- 181,187 ----
    	char *ct = r->content_type ? r->content_type : default_type(r);
    	char ts[MAX_STRING_LEN];
    
  ! 	ap_snprintf(ts, sizeof(ts), "%ld-%ld/%ld", range_start, range_end, r->clength);
    	rvputs(r, "\015\012--", r->boundary, "\015\012Content-type: ",
    	       ct, "\015\012Content-range: bytes ", ts, "\015\012\015\012",
    	       NULL);
  ***************
  *** 198,204 ****
    
        r->clength = clength;
    
  !     sprintf (ts, "%ld", clength);
        table_set (r->headers_out, "Content-Length", pstrdup (r->pool, ts));
    
        return 0;
  --- 198,204 ----
    
        r->clength = clength;
    
  !     ap_snprintf (ts, sizeof(ts), "%ld", clength);
        table_set (r->headers_out, "Content-Length", pstrdup (r->pool, ts));
    
        return 0;
  ***************
  *** 225,231 ****
    	 * that sets the output to chunked encoding if it is not already
    	 * length-delimited.  It is not a bug, though it is annoying.
    	 */
  ! 	char header[26];
    	int left = r->server->keep_alive - r->connection->keepalives;
    	
    	r->connection->keepalive = 1;
  --- 225,231 ----
    	 * that sets the output to chunked encoding if it is not already
    	 * length-delimited.  It is not a bug, though it is annoying.
    	 */
  ! 	char header[256];
    	int left = r->server->keep_alive - r->connection->keepalives;
    	
    	r->connection->keepalive = 1;
  ***************
  *** 233,239 ****
    	
    	/* If they sent a Keep-Alive token, send one back */
    	if (ka_sent) {
  ! 	    sprintf(header, "timeout=%d, max=%d",
    		    r->server->keep_alive_timeout, left);
    	    rputs("Connection: Keep-Alive\015\012", r);
    	    rvputs(r, "Keep-Alive: ", header, "\015\012", NULL);
  --- 233,239 ----
    	
    	/* If they sent a Keep-Alive token, send one back */
    	if (ka_sent) {
  ! 	    ap_snprintf(header, sizeof(header), "timeout=%d, max=%d",
    		    r->server->keep_alive_timeout, left);
    	    rputs("Connection: Keep-Alive\015\012", r);
    	    rvputs(r, "Keep-Alive: ", header, "\015\012", NULL);
  ***************
  *** 280,289 ****
         */
    
        if (r->finfo.st_mode != 0)
  !         sprintf(weak_etag, "W/\"%lx-%lx-%lx\"", (unsigned long)r->finfo.st_ino,
    		(unsigned long)r->finfo.st_size, (unsigned long)mtime);
        else
  !         sprintf(weak_etag, "W/\"%lx\"", (unsigned long)mtime);
    
        etag = weak_etag + ((r->request_time - mtime > 1) ? 2 : 0);
        table_set (r->headers_out, "ETag", etag);
  --- 280,291 ----
         */
    
        if (r->finfo.st_mode != 0)
  !         ap_snprintf(weak_etag, sizeof(weak_etag), "W/\"%lx-%lx-%lx\"", 
  ! 		(unsigned long)r->finfo.st_ino,
    		(unsigned long)r->finfo.st_size, (unsigned long)mtime);
        else
  !         ap_snprintf(weak_etag, sizeof(weak_etag), "W/\"%lx\"",
  ! 		(unsigned long)mtime);
    
        etag = weak_etag + ((r->request_time - mtime > 1) ? 2 : 0);
        table_set (r->headers_out, "ETag", etag);
  ***************
  *** 752,760 ****
    
    void note_digest_auth_failure(request_rec *r)
    {
  !     char nonce[10];
    
  !     sprintf(nonce, "%lu", r->request_time);
        table_set (r->err_headers_out, "WWW-Authenticate",
                   pstrcat(r->pool, "Digest realm=\"", auth_name(r),
                           "\", nonce=\"", nonce, "\"", NULL));
  --- 754,762 ----
    
    void note_digest_auth_failure(request_rec *r)
    {
  !     char nonce[256];
    
  !     ap_snprintf(nonce, sizeof(nonce), "%lu", r->request_time);
        table_set (r->err_headers_out, "WWW-Authenticate",
                   pstrcat(r->pool, "Digest realm=\"", auth_name(r),
                           "\", nonce=\"", nonce, "\"", NULL));
  ***************
  *** 1251,1257 ****
            if (len_to_read == 0) {      /* Last chunk indicated, get footers */
                if (r->read_body == REQUEST_CHUNKED_DECHUNK) {
                    get_mime_headers(r);
  !                 sprintf(buffer, "%ld", r->read_length);
                    table_unset(r->headers_in, "Transfer-Encoding");
                    table_set(r->headers_in, "Content-Length", buffer);
                    return 0;
  --- 1253,1259 ----
            if (len_to_read == 0) {      /* Last chunk indicated, get footers */
                if (r->read_body == REQUEST_CHUNKED_DECHUNK) {
                    get_mime_headers(r);
  !                 ap_snprintf(buffer, bufsiz, "%ld", r->read_length);
                    table_unset(r->headers_in, "Transfer-Encoding");
                    table_set(r->headers_in, "Content-Length", buffer);
                    return 0;
  ***************
  *** 1659,1666 ****
    
            if (recursive_error) {
    	    char x[80];
  ! 	    sprintf (x, "Additionally, an error of type %d was encountered\n",
  ! 		     recursive_error);
    	    bputs(x, fd);
    	    bputs("while trying to use an ErrorDocument to\n", fd);
    	    bputs("handle the request.\n", fd);
  --- 1661,1669 ----
    
            if (recursive_error) {
    	    char x[80];
  ! 	    ap_snprintf (x, sizeof(x), 
  ! 		"Additionally, an error of type %d was encountered\n",
  ! 		recursive_error);
    	    bputs(x, fd);
    	    bputs("while trying to use an ErrorDocument to\n", fd);
    	    bputs("handle the request.\n", fd);
  
  
  
  1.38      +2 -2      apache/src/http_request.c
  
  Index: http_request.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_request.c,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -C3 -r1.37 -r1.38
  *** http_request.c	1997/01/14 05:03:06	1.37
  --- http_request.c	1997/01/20 04:28:10	1.38
  ***************
  *** 999,1005 ****
    request_rec *internal_internal_redirect (const char *new_uri, request_rec *r)
    {
        request_rec *new = (request_rec *)pcalloc(r->pool, sizeof(request_rec));
  !     char t[10];			/* Long enough... */
      
        new->connection = r->connection;
        new->server = r->server;
  --- 999,1005 ----
    request_rec *internal_internal_redirect (const char *new_uri, request_rec *r)
    {
        request_rec *new = (request_rec *)pcalloc(r->pool, sizeof(request_rec));
  !     char t[256];		/* Long enough... */
      
        new->connection = r->connection;
        new->server = r->server;
  ***************
  *** 1045,1051 ****
    				  */
        new->no_local_copy = r->no_local_copy;
    
  !     sprintf (t, "%d", r->status);
        table_set (new->subprocess_env, "REDIRECT_STATUS", pstrdup (r->pool, t));
    
        return new;
  --- 1045,1051 ----
    				  */
        new->no_local_copy = r->no_local_copy;
    
  !     ap_snprintf (t, sizeof(t), "%d", r->status);
        table_set (new->subprocess_env, "REDIRECT_STATUS", pstrdup (r->pool, t));
    
        return new;
  
  
  
  1.12      +2 -2      apache/src/mod_auth.c
  
  Index: mod_auth.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_auth.c,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -C3 -r1.11 -r1.12
  *** mod_auth.c	1997/01/01 18:10:26	1.11
  --- mod_auth.c	1997/01/20 04:28:10	1.12
  ***************
  *** 198,211 ****
        if (!(real_pw = get_pw(r, c->user, sec->auth_pwfile))) {
    	if (!(sec->auth_authoritative))
    	    return DECLINED;
  !         sprintf(errstr,"user %s not found",c->user);
    	log_reason (errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
        }
        /* anyone know where the prototype for crypt is? */
        if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
  !         sprintf(errstr,"user %s: password mismatch",c->user);
    	log_reason (errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  --- 198,211 ----
        if (!(real_pw = get_pw(r, c->user, sec->auth_pwfile))) {
    	if (!(sec->auth_authoritative))
    	    return DECLINED;
  !         ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
    	log_reason (errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
        }
        /* anyone know where the prototype for crypt is? */
        if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
  !         ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user);
    	log_reason (errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  
  
  
  1.13      +3 -2      apache/src/mod_auth_anon.c
  
  Index: mod_auth_anon.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_auth_anon.c,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -C3 -r1.12 -r1.13
  *** mod_auth_anon.c	1997/01/01 18:10:27	1.12
  --- mod_auth_anon.c	1997/01/20 04:28:10	1.13
  ***************
  *** 239,252 ****
    	  ) 
    	) {
          if (sec->auth_anon_logemail) {
  ! 	sprintf(errstr,"Anonymous: Passwd <%s> Accepted", 
    			send_pw ? send_pw : "\'none\'");
    	log_error (errstr, r->server );
          }
          return OK;
        } else {
            if (sec->auth_anon_authoritative) {
  ! 	sprintf(errstr,"Anonymous: Authoritative, Passwd <%s> not accepted",
    		send_pw ? send_pw : "\'none\'");
    	log_error(errstr,r->server);
    	return AUTH_REQUIRED;
  --- 239,253 ----
    	  ) 
    	) {
          if (sec->auth_anon_logemail) {
  ! 	ap_snprintf(errstr, sizeof(errstr), "Anonymous: Passwd <%s> Accepted", 
    			send_pw ? send_pw : "\'none\'");
    	log_error (errstr, r->server );
          }
          return OK;
        } else {
            if (sec->auth_anon_authoritative) {
  ! 	ap_snprintf(errstr, sizeof(errstr),
  ! 		"Anonymous: Authoritative, Passwd <%s> not accepted",
    		send_pw ? send_pw : "\'none\'");
    	log_error(errstr,r->server);
    	return AUTH_REQUIRED;
  
  
  
  1.10      +8 -5      apache/src/mod_auth_db.c
  
  Index: mod_auth_db.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_auth_db.c,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -C3 -r1.9 -r1.10
  *** mod_auth_db.c	1997/01/01 18:10:27	1.9
  --- mod_auth_db.c	1997/01/20 04:28:11	1.10
  ***************
  *** 201,207 ****
        if(!(real_pw = get_db_pw(r, c->user, sec->auth_dbpwfile))) {
    	if (!(sec -> auth_dbauthoritative))
    	    return DECLINED; 
  !         sprintf(errstr,"DB user %s not found", c->user);
    	log_reason (errstr, r->filename, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  --- 201,207 ----
        if(!(real_pw = get_db_pw(r, c->user, sec->auth_dbpwfile))) {
    	if (!(sec -> auth_dbauthoritative))
    	    return DECLINED; 
  !         ap_snprintf(errstr, sizeof(errstr), "DB user %s not found", c->user);
    	log_reason (errstr, r->filename, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  ***************
  *** 211,217 ****
        if (colon_pw) *colon_pw='\0';   
        /* anyone know where the prototype for crypt is? */
        if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
  !         sprintf(errstr,"user %s: password mismatch",c->user);
    	log_reason (errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  --- 211,218 ----
        if (colon_pw) *colon_pw='\0';   
        /* anyone know where the prototype for crypt is? */
        if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
  !         ap_snprintf(errstr, sizeof(errstr), 
  ! 		"user %s: password mismatch",c->user);
    	log_reason (errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  ***************
  *** 253,260 ****
               if (!(groups = get_db_grp(r, user, sec->auth_dbgrpfile))) {
    	       if (!(sec->auth_dbauthoritative))
    		 return DECLINED;
  !                sprintf(errstr,"user %s not in DB group file %s",
  ! 		       user, sec->auth_dbgrpfile);
    	       log_reason (errstr, r->filename, r);
    	       note_basic_auth_failure (r);
    	       return AUTH_REQUIRED;
  --- 254,262 ----
               if (!(groups = get_db_grp(r, user, sec->auth_dbgrpfile))) {
    	       if (!(sec->auth_dbauthoritative))
    		 return DECLINED;
  !                ap_snprintf(errstr, sizeof(errstr), 
  ! 			"user %s not in DB group file %s",
  ! 			user, sec->auth_dbgrpfile);
    	       log_reason (errstr, r->filename, r);
    	       note_basic_auth_failure (r);
    	       return AUTH_REQUIRED;
  ***************
  *** 269,275 ****
                           return OK;
                   }
               }
  !            sprintf(errstr,"user %s not in right group",user);
    	   log_reason (errstr, r->filename, r);
               note_basic_auth_failure(r);
    	   return AUTH_REQUIRED;
  --- 271,278 ----
                           return OK;
                   }
               }
  !            ap_snprintf(errstr, sizeof(errstr), 
  ! 		"user %s not in right group",user);
    	   log_reason (errstr, r->filename, r);
               note_basic_auth_failure(r);
    	   return AUTH_REQUIRED;
  
  
  
  1.13      +8 -5      apache/src/mod_auth_dbm.c
  
  Index: mod_auth_dbm.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_auth_dbm.c,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -C3 -r1.12 -r1.13
  *** mod_auth_dbm.c	1997/01/01 18:10:28	1.12
  --- mod_auth_dbm.c	1997/01/20 04:28:11	1.13
  ***************
  *** 189,195 ****
        if(!(real_pw = get_dbm_pw(r, c->user, sec->auth_dbmpwfile))) {
    	if (!(sec->auth_dbmauthoritative))
    	    return DECLINED;
  !         sprintf(errstr,"DBM user %s not found", c->user);
    	log_reason (errstr, r->filename, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  --- 189,195 ----
        if(!(real_pw = get_dbm_pw(r, c->user, sec->auth_dbmpwfile))) {
    	if (!(sec->auth_dbmauthoritative))
    	    return DECLINED;
  !         ap_snprintf(errstr, sizeof(errstr), "DBM user %s not found", c->user);
    	log_reason (errstr, r->filename, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  ***************
  *** 199,205 ****
        if (colon_pw) *colon_pw='\0';   
        /* anyone know where the prototype for crypt is? */
        if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
  !         sprintf(errstr,"user %s: password mismatch",c->user);
    	log_reason (errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  --- 199,206 ----
        if (colon_pw) *colon_pw='\0';   
        /* anyone know where the prototype for crypt is? */
        if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
  !         ap_snprintf(errstr, sizeof(errstr), 
  ! 		"user %s: password mismatch",c->user);
    	log_reason (errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  ***************
  *** 241,248 ****
               if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
    	       if (!(sec->auth_dbmauthoritative))
    	           return DECLINED;
  !                sprintf(errstr,"user %s not in DBM group file %s",
  ! 		       user, sec->auth_dbmgrpfile);
    	       log_reason (errstr, r->filename, r);
    	       note_basic_auth_failure (r);
    	       return AUTH_REQUIRED;
  --- 242,250 ----
               if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
    	       if (!(sec->auth_dbmauthoritative))
    	           return DECLINED;
  !                ap_snprintf(errstr, sizeof(errstr), 
  ! 			"user %s not in DBM group file %s",
  ! 			user, sec->auth_dbmgrpfile);
    	       log_reason (errstr, r->filename, r);
    	       note_basic_auth_failure (r);
    	       return AUTH_REQUIRED;
  ***************
  *** 257,263 ****
                           return OK;
                   }
               }
  !            sprintf(errstr,"user %s not in right group",user);
    	   log_reason (errstr, r->filename, r);
               note_basic_auth_failure(r);
    	   return AUTH_REQUIRED;
  --- 259,266 ----
                           return OK;
                   }
               }
  !            ap_snprintf(errstr, sizeof(errstr), 
  ! 		"user %s not in right group",user);
    	   log_reason (errstr, r->filename, r);
               note_basic_auth_failure(r);
    	   return AUTH_REQUIRED;
  
  
  
  1.18      +41 -23    apache/src/mod_auth_msql.c
  
  Index: mod_auth_msql.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -C3 -r1.17 -r1.18
  *** mod_auth_msql.c	1997/01/01 18:10:28	1.17
  --- mod_auth_msql.c	1997/01/20 04:28:11	1.18
  ***************
  *** 560,566 ****
    
          /* does this fit ? */
          if (j >= (MAX_FIELD_LEN-1)) {
  ! 	sprintf(msql_errstr,"Could not escape '%s', longer than %d",in,MAX_FIELD_LEN);
    	return NULL;
    	};
    
  --- 560,567 ----
    
          /* does this fit ? */
          if (j >= (MAX_FIELD_LEN-1)) {
  ! 	ap_snprintf(msql_errstr, MAX_STRING_LENGTH, 
  ! 		"Could not escape '%s', longer than %d",in,MAX_FIELD_LEN);
    	return NULL;
    	};
    
  ***************
  *** 601,607 ****
    	/* (re) open if nessecary
    	 */
        	if (sock==-1) if ((sock=msqlConnect(host)) == -1) {
  ! 		sprintf (msql_errstr,
    			"mSQL: Could not connect to Msql DB %s (%s)",
    			(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
    			msqlErrMsg);
  --- 602,608 ----
    	/* (re) open if nessecary
    	 */
        	if (sock==-1) if ((sock=msqlConnect(host)) == -1) {
  ! 		ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
    			"mSQL: Could not connect to Msql DB %s (%s)",
    			(sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
    			msqlErrMsg);
  ***************
  *** 612,618 ****
    	 * and is quite cheap anyway
    	 */
        	if (msqlSelectDB(sock,sec->auth_msql_database) == -1 ) {
  ! 		sprintf (msql_errstr,"mSQL: Could not select Msql Table \'%s\' on host \'%s\'(%s)",
    			(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
    		        (sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
    			msqlErrMsg);
  --- 613,620 ----
    	 * and is quite cheap anyway
    	 */
        	if (msqlSelectDB(sock,sec->auth_msql_database) == -1 ) {
  ! 		ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
  ! 			"mSQL: Could not select Msql Table \'%s\' on host \'%s\'(%s)",
    			(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
    		        (sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
    			msqlErrMsg);
  ***************
  *** 622,628 ****
    		}
    
        	if (msqlQuery(sock,query) == -1 ) {
  ! 		sprintf (msql_errstr,"mSQL: Could not Query database '%s' on host '%s' (%s) with query [%s]",
    			(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
    		        (sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
    		        msqlErrMsg,
  --- 624,631 ----
    		}
    
        	if (msqlQuery(sock,query) == -1 ) {
  ! 		ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
  ! 			"mSQL: Could not Query database '%s' on host '%s' (%s) with query [%s]",
    			(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
    		        (sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
    		        msqlErrMsg,
  ***************
  *** 633,639 ****
    		}
    
    	if (!(results=msqlStoreResult())) {
  ! 		sprintf (msql_errstr,"mSQL: Could not get the results from mSQL database \'%s\' on \'%s\' (%s) with query [%s]",
    			(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
    		        (sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
    			msqlErrMsg,
  --- 636,643 ----
    		}
    
    	if (!(results=msqlStoreResult())) {
  ! 		ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
  ! 			"mSQL: Could not get the results from mSQL database \'%s\' on \'%s\' (%s) with query [%s]",
    			(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
    		        (sec->auth_msql_host ? sec->auth_msql_host : "\'unset, assuming localhost!\'"),
    			msqlErrMsg,
  ***************
  *** 649,656 ****
              /* complain if there are to many
               * matches.
               */
  !           sprintf (msql_errstr,"mSQL: More than %d matches (%d) whith query [%s]",
  !           	   once,hit,( query ? query : "\'unset!\'") );
    	} else
    	/* if we have a it, try to get it
    	*/
  --- 653,661 ----
              /* complain if there are to many
               * matches.
               */
  !           ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
  ! 		"mSQL: More than %d matches (%d) whith query [%s]",
  !          	once,hit,( query ? query : "\'unset!\'") );
    	} else
    	/* if we have a it, try to get it
    	*/
  ***************
  *** 658,664 ****
    		if ( (currow=msqlFetchRow(results)) != NULL) {
    			/* copy the first matching field value */
    			if (!(result=palloc(r->pool,strlen(currow[0])+1))) {
  ! 				sprintf (msql_errstr,"mSQL: Could not get memory for mSQL %s (%s) with [%s]",
    					(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
    					msqlErrMsg,
    					( query ? query : "\'unset!\'") );
  --- 663,670 ----
    		if ( (currow=msqlFetchRow(results)) != NULL) {
    			/* copy the first matching field value */
    			if (!(result=palloc(r->pool,strlen(currow[0])+1))) {
  ! 				ap_snprintf (msql_errstr, MAX_STRING_LENGTH,
  ! 					"mSQL: Could not get memory for mSQL %s (%s) with [%s]",
    					(sec->auth_msql_database ? sec->auth_msql_database : "\'unset!\'"),
    					msqlErrMsg,
    					( query ? query : "\'unset!\'") );
  ***************
  *** 695,701 ****
    	    (!sec->auth_msql_pwd_field) ||
    	    (!sec->auth_msql_uname_field)
    	   ) {
  ! 		sprintf(msql_errstr,
    			"mSQL: Missing parameters for password lookup: %s%s%s",
    			(sec->auth_msql_pwd_table ? "" : "Password table "),
    			(sec->auth_msql_pwd_field ? "" : "Password field name "),
  --- 701,707 ----
    	    (!sec->auth_msql_pwd_field) ||
    	    (!sec->auth_msql_uname_field)
    	   ) {
  ! 		ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
    			"mSQL: Missing parameters for password lookup: %s%s%s",
    			(sec->auth_msql_pwd_table ? "" : "Password table "),
    			(sec->auth_msql_pwd_field ? "" : "Password field name "),
  ***************
  *** 705,715 ****
    		};
    
        	if (!(msql_escape(esc_user, user, msql_errstr))) {
  ! 		sprintf(msql_errstr,
    			"mSQL: Could not cope/escape the '%s' user_id value; ",user);
    		return NULL;
        	};
  !     	sprintf(query,"select %s from %s where %s='%s'",
    		sec->auth_msql_pwd_field,
    		sec->auth_msql_pwd_table,
    		sec->auth_msql_uname_field,
  --- 711,722 ----
    		};
    
        	if (!(msql_escape(esc_user, user, msql_errstr))) {
  ! 		ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
    			"mSQL: Could not cope/escape the '%s' user_id value; ",user);
    		return NULL;
        	};
  !     	ap_snprintf(query, sizeof(query),
  ! 		"select %s from %s where %s='%s'",
    		sec->auth_msql_pwd_field,
    		sec->auth_msql_pwd_table,
    		sec->auth_msql_uname_field,
  ***************
  *** 731,737 ****
    	    (!sec->auth_msql_grp_field) ||
    	    (!sec->auth_msql_uname_field)
    	   ) {
  ! 		sprintf(msql_errstr,
    			"mSQL: Missing parameters for group lookup: %s%s%s",
    			(sec->auth_msql_grp_table ? "" : "Group table "),
    			(sec->auth_msql_grp_field ? "" : "GroupID field name "),
  --- 738,744 ----
    	    (!sec->auth_msql_grp_field) ||
    	    (!sec->auth_msql_uname_field)
    	   ) {
  ! 		ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
    			"mSQL: Missing parameters for group lookup: %s%s%s",
    			(sec->auth_msql_grp_table ? "" : "Group table "),
    			(sec->auth_msql_grp_field ? "" : "GroupID field name "),
  ***************
  *** 741,759 ****
    		};
    
        	if (!(msql_escape(esc_user, user,msql_errstr))) {
  ! 		sprintf(msql_errstr,
    			"mSQL: Could not cope/escape the '%s' user_id value",user);
    
    		return NULL;
        	};
        	if (!(msql_escape(esc_group, group,msql_errstr))) {
  ! 		sprintf(msql_errstr,
    			"mSQL: Could not cope/escape the '%s' group_id value",group);
    
    		return NULL;
        	};
    
  !     	sprintf(query,"select %s from %s where %s='%s' and %s='%s'",
    		sec->auth_msql_grp_field,
    		sec->auth_msql_grp_table,
    		sec->auth_msql_uname_field,esc_user,
  --- 748,767 ----
    		};
    
        	if (!(msql_escape(esc_user, user,msql_errstr))) {
  ! 		ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
    			"mSQL: Could not cope/escape the '%s' user_id value",user);
    
    		return NULL;
        	};
        	if (!(msql_escape(esc_group, group,msql_errstr))) {
  ! 		ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
    			"mSQL: Could not cope/escape the '%s' group_id value",group);
    
    		return NULL;
        	};
    
  !     	ap_snprintf(query, sizeof(query), 
  ! 		"select %s from %s where %s='%s' and %s='%s'",
    		sec->auth_msql_grp_field,
    		sec->auth_msql_grp_table,
    		sec->auth_msql_uname_field,esc_user,
  ***************
  *** 770,775 ****
  --- 778,786 ----
          (msql_auth_config_rec *)get_module_config (r->per_dir_config,
    						&msql_auth_module);
        char msql_errstr[MAX_STRING_LEN];
  +         /* msql_errstr must be MAX_STRING_LEN in size unless you
  +          * change size in ap_snprintf() calls
  +          */
        conn_rec *c = r->connection;
        char *sent_pw, *real_pw;
        int res;
  ***************
  *** 795,801 ****
    		if (sec->auth_msql_authoritative) {
              	   /* insist that the user is in the database
              	    */
  !           	   sprintf(msql_errstr,"mSQL: Password for user %s not found", c->user);
    		   note_basic_auth_failure (r);
    		   res = AUTH_REQUIRED;
    		   } else {
  --- 806,813 ----
    		if (sec->auth_msql_authoritative) {
              	   /* insist that the user is in the database
              	    */
  !           	   ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
  ! 			"mSQL: Password for user %s not found", c->user);
    		   note_basic_auth_failure (r);
    		   res = AUTH_REQUIRED;
    		   } else {
  ***************
  *** 814,820 ****
    
        if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) {
    /*
  !         sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password accepted",c->user);
    	log_reason (msql_errstr, r->uri, r);
     */
    	return OK;
  --- 826,833 ----
    
        if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) {
    /*
  !         ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
  ! 		"mSQL: user %s: Empty/'any' password accepted",c->user);
    	log_reason (msql_errstr, r->uri, r);
     */
    	return OK;
  ***************
  *** 824,830 ****
         * an arms length.
         */
        if ((!strlen(real_pw)) || (!strlen(sent_pw))) {
  !         sprintf(msql_errstr,"mSQL: user %s: Empty Password(s) Rejected",c->user);
    	log_reason (msql_errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  --- 837,844 ----
         * an arms length.
         */
        if ((!strlen(real_pw)) || (!strlen(sent_pw))) {
  !         ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
  ! 		"mSQL: user %s: Empty Password(s) Rejected",c->user);
    	log_reason (msql_errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  ***************
  *** 842,848 ****
            };
    
        if (strcmp(real_pw,sent_pw)) {
  !         sprintf(msql_errstr,"mSQL user %s: password mismatch",c->user);
    	log_reason (msql_errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  --- 856,863 ----
            };
    
        if (strcmp(real_pw,sent_pw)) {
  !         ap_snprintf(msql_errstr, MAX_STRING_LENGTH,
  ! 		"mSQL user %s: password mismatch",c->user);
    	log_reason (msql_errstr, r->uri, r);
    	note_basic_auth_failure (r);
    	return AUTH_REQUIRED;
  ***************
  *** 859,864 ****
  --- 874,882 ----
          (msql_auth_config_rec *)get_module_config (r->per_dir_config,
    						&msql_auth_module);
        char msql_errstr[MAX_STRING_LEN];
  + 	/* msql_errstr must be MAX_STRING_LEN in size unless you
  + 	 * change size in ap_snprintf() calls
  + 	 */
        char *user = r->connection->user;
        int m = r->method_number;
        array_header *reqs_arr = requires (r);
  ***************
  *** 873,879 ****
    
        if (!reqs_arr) {
    	if (sec->auth_msql_authoritative) {
  ! 	        sprintf(msql_errstr,"user %s denied, no access rules specified (MSQL-Authoritative) ",user);
    		log_reason (msql_errstr, r->uri, r);
    	        note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
  --- 891,897 ----
    
        if (!reqs_arr) {
    	if (sec->auth_msql_authoritative) {
  ! 	        ap_snprintf(msql_errstr, MAX_STRING_LENGTH, "user %s denied, no access rules specified (MSQL-Authoritative) ",user);
    		log_reason (msql_errstr, r->uri, r);
    	        note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
  ***************
  *** 898,904 ****
    		};
                }
    	    if ((sec->auth_msql_authoritative) && ( user_result != OK)) {
  !            	sprintf(msql_errstr,"User %s not found (MSQL-Auhtorative)",user);
    		log_reason (msql_errstr, r->uri, r);
               	note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
  --- 916,922 ----
    		};
                }
    	    if ((sec->auth_msql_authoritative) && ( user_result != OK)) {
  !            	ap_snprintf(msql_errstr, MAX_STRING_LENGTH, "User %s not found (MSQL-Auhtorative)",user);
    		log_reason (msql_errstr, r->uri, r);
               	note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
  ***************
  *** 926,932 ****
    		};
    
    	   if ( (sec->auth_msql_authoritative) && (group_result != OK) ) {
  !            	sprintf(msql_errstr,"user %s not in right groups (MSQL-Authoritative) ",user);
    		log_reason (msql_errstr, r->uri, r);
               	note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
  --- 944,950 ----
    		};
    
    	   if ( (sec->auth_msql_authoritative) && (group_result != OK) ) {
  !            	ap_snprintf(msql_errstr, MAX_STRING_LENGTH, "user %s not in right groups (MSQL-Authoritative) ",user);
    		log_reason (msql_errstr, r->uri, r);
               	note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
  ***************
  *** 943,949 ****
         * This really is not needed.
         */
        if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED)) && (sec->auth_msql_authoritative) ) {
  !         sprintf(msql_errstr,"mSQL-Authoritative: Access denied on %s %s rule(s) ", 
    		(group_result == AUTH_REQUIRED) ? "USER" : "", 
    		(user_result == AUTH_REQUIRED) ? "GROUP" : ""
    		);
  --- 961,967 ----
         * This really is not needed.
         */
        if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED)) && (sec->auth_msql_authoritative) ) {
  !         ap_snprintf(msql_errstr, MAX_STRING_LENGTH, "mSQL-Authoritative: Access denied on %s %s rule(s) ", 
    		(group_result == AUTH_REQUIRED) ? "USER" : "", 
    		(user_result == AUTH_REQUIRED) ? "GROUP" : ""
    		);
  
  
  
  1.28      +1 -1      apache/src/mod_cgi.c
  
  Index: mod_cgi.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_cgi.c,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -C3 -r1.27 -r1.28
  *** mod_cgi.c	1997/01/01 18:10:30	1.27
  --- mod_cgi.c	1997/01/20 04:28:12	1.28
  ***************
  *** 331,337 ****
         * now, so that's what we use).
         */
        
  !     sprintf(err_string,
    	    "exec of %s failed, errno is %d\n", r->filename, errno);
        write(2, err_string, strlen(err_string));
        exit(0);
  --- 331,337 ----
         * now, so that's what we use).
         */
        
  !     ap_snprintf(err_string, sizeof(err_string),
    	    "exec of %s failed, errno is %d\n", r->filename, errno);
        write(2, err_string, strlen(err_string));
        exit(0);
  
  
  
  1.13      +2 -2      apache/src/mod_digest.c
  
  Index: mod_digest.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_digest.c,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -C3 -r1.12 -r1.13
  *** mod_digest.c	1997/01/01 18:10:30	1.12
  --- mod_digest.c	1997/01/20 04:28:12	1.13
  ***************
  *** 277,290 ****
            return DECLINED;
    	
        if (!(a1 = get_hash(r, c->user, sec->pwfile))) {
  !         sprintf(errstr,"user %s not found",c->user);
    	log_reason (errstr, r->uri, r);
    	note_digest_auth_failure (r);
    	return AUTH_REQUIRED;
        }
        /* anyone know where the prototype for crypt is? */
        if(strcmp(response->digest, find_digest(r, response, a1))) {
  !         sprintf(errstr,"user %s: password mismatch",c->user);
    	log_reason (errstr, r->uri, r);
    	note_digest_auth_failure (r);
    	return AUTH_REQUIRED;
  --- 277,290 ----
            return DECLINED;
    	
        if (!(a1 = get_hash(r, c->user, sec->pwfile))) {
  !         ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
    	log_reason (errstr, r->uri, r);
    	note_digest_auth_failure (r);
    	return AUTH_REQUIRED;
        }
        /* anyone know where the prototype for crypt is? */
        if(strcmp(response->digest, find_digest(r, response, a1))) {
  !         ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user);
    	log_reason (errstr, r->uri, r);
    	note_digest_auth_failure (r);
    	return AUTH_REQUIRED;
  
  
  
  1.6       +1 -1      apache/src/mod_expires.c
  
  Index: mod_expires.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_expires.c,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -C3 -r1.5 -r1.6
  *** mod_expires.c	1997/01/01 18:10:32	1.5
  --- mod_expires.c	1997/01/20 04:28:12	1.6
  ***************
  *** 321,327 ****
    	word = getword_conf( pool, &code );
        };
    
  !     sprintf( foo, "%c%d", base, modifier );
        *real_code = pstrdup( pool, foo );
    
        return NULL;
  --- 321,327 ----
    	word = getword_conf( pool, &code );
        };
    
  !     ap_snprintf(foo, sizeof(foo), "%c%d", base, modifier );
        *real_code = pstrdup( pool, foo );
    
        return NULL;
  
  
  
  1.15      +31 -17    apache/src/mod_imap.c
  
  Index: mod_imap.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_imap.c,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -C3 -r1.14 -r1.15
  *** mod_imap.c	1997/01/01 18:10:33	1.14
  --- mod_imap.c	1997/01/20 04:28:13	1.15
  ***************
  *** 354,360 ****
      return(string - starting_pos); /* return the total characters read */
    }
    
  ! 
    void imap_url(request_rec *r, char *base, char *value, char *url) 
    {
    /* translates a value into a URL. */
  --- 354,362 ----
      return(string - starting_pos); /* return the total characters read */
    }
    
  ! /*
  !  * url needs to point to a string with at least SMALLBUF memory allocated
  !  */
    void imap_url(request_rec *r, char *base, char *value, char *url) 
    {
    /* translates a value into a URL. */
  ***************
  *** 366,389 ****
    
      if ( ! strcasecmp(value, "map" ) || ! strcasecmp(value, "menu") ) {
        if (r->server->port == 80 ) { 
  !       sprintf(url, "http://%s%s", r->server->server_hostname, r->uri);
        }
        else {
  !       sprintf(url, "http://%s:%d%s", r->server->server_hostname,
    	      r->server->port, r->uri);      
        }
        return;  
      }
    
      if ( ! strcasecmp(value, "nocontent") || ! strcasecmp(value, "error") ) {
  !     strncpy(url, value, SMALLBUF);
        return;    /* these are handled elsewhere, so just copy them */
      }
    
      if ( ! strcasecmp(value, "referer" ) ) {
        referer = table_get(r->headers_in, "Referer");
        if ( referer && *referer ) {
  !       strncpy(url, referer, SMALLBUF);
          return;
        }
        else {
  --- 368,394 ----
    
      if ( ! strcasecmp(value, "map" ) || ! strcasecmp(value, "menu") ) {
        if (r->server->port == 80 ) { 
  !       ap_snprintf(url, SMALLBUF,
  ! 		"http://%s%s", r->server->server_hostname, r->uri);
        }
        else {
  !       ap_snprintf(url, SMALLBUF, "http://%s:%d%s", r->server->server_hostname,
    	      r->server->port, r->uri);      
        }
        return;  
      }
    
      if ( ! strcasecmp(value, "nocontent") || ! strcasecmp(value, "error") ) {
  !     strncpy(url, value, SMALLBUF-1);
  !     url[SMALLBUF-1] = '\0';
        return;    /* these are handled elsewhere, so just copy them */
      }
    
      if ( ! strcasecmp(value, "referer" ) ) {
        referer = table_get(r->headers_in, "Referer");
        if ( referer && *referer ) {
  !       strncpy(url, referer, SMALLBUF-1);
  !       url[SMALLBUF-1] = '\0';
          return;
        }
        else {
  ***************
  *** 395,421 ****
      while ( isalpha(*string_pos) )
        string_pos++;    /* go along the URL from the map until a non-letter */
      if ( *string_pos == ':' ) { 
  !     strncpy(url, value, SMALLBUF);        /* if letters and then a colon (like http:) */
        return;                    /* it's an absolute URL, so use it! */
      }
    
      if ( ! base || ! *base ) {
        if ( value && *value ) {  
  !       strncpy(url, value, SMALLBUF);   /* no base: use what is given */
        }         
        else {                  
          if (r->server->port == 80 ) {  
  ! 	sprintf(url, "http://%s/", r->server->server_hostname);
          }            
          if (r->server->port != 80 ) {
  ! 	sprintf(url, "http://%s:%d/", r->server->server_hostname, 
  ! 		r->server->port);
          }                     /* no base, no value: pick a simple default */
        }
        return;  
      }
    
  !   strncpy(my_base, base, SMALLBUF);  /* must be a relative URL to be combined with base */
      string_pos = my_base; 
      while (*string_pos) {  
        if (*string_pos == '/' && *(string_pos+1) == '/') {
  --- 400,429 ----
      while ( isalpha(*string_pos) )
        string_pos++;    /* go along the URL from the map until a non-letter */
      if ( *string_pos == ':' ) { 
  !     strncpy(url, value, SMALLBUF-1);        /* if letters and then a colon (like http:) */
  !     url[SMALLBUF-1] = '\0';
        return;                    /* it's an absolute URL, so use it! */
      }
    
      if ( ! base || ! *base ) {
        if ( value && *value ) {  
  !       strncpy(url, value, SMALLBUF-1);   /* no base: use what is given */
  !       url[SMALLBUF-1] = '\0';
        }         
        else {                  
          if (r->server->port == 80 ) {  
  ! 	ap_snprintf(url, SMALLBUF, "http://%s/", r->server->server_hostname);
          }            
          if (r->server->port != 80 ) {
  ! 	ap_snprintf(url, SMALLBUF, "http://%s:%d/",
  ! 		r->server->server_hostname, r->server->port);
          }                     /* no base, no value: pick a simple default */
        }
        return;  
      }
    
  !   strncpy(my_base, base, sizeof(my_base)-1);  /* must be a relative URL to be combined with base */
  !   my_base[sizeof(my_base)-1] = '\0';
      string_pos = my_base; 
      while (*string_pos) {  
        if (*string_pos == '/' && *(string_pos+1) == '/') {
  ***************
  *** 473,482 ****
      }                   /* by this point, value does not start with '..' */
    
      if ( value && *value ) {
  !     sprintf(url, "%s%s", my_base, value);   
      }
      else {
  !     sprintf(url, "%s", my_base);   
      }
      return;
    }
  --- 481,490 ----
      }                   /* by this point, value does not start with '..' */
    
      if ( value && *value ) {
  !     ap_snprintf(url, SMALLBUF, "%s%s", my_base, value);   
      }
      else {
  !     ap_snprintf(url, SMALLBUF, "%s", my_base);   
      }
      return;
    }
  ***************
  *** 600,605 ****
  --- 608,616 ----
    int imap_handler(request_rec *r)
    {
      char input[LARGEBUF] = {'\0'};
  + 	/* size of input can not be lowered without changing hard-coded
  + 	 * checks
  + 	 */
      char href_text[SMALLBUF] = {'\0'};
      char base[SMALLBUF] = {'\0'};
      char redirect[SMALLBUF] = {'\0'};
  ***************
  *** 675,681 ****
        } /* blank lines and comments are ignored if we aren't printing a menu */
    
    
  !     if (sscanf(input, "%s %s", directive, value) != 2) {
          continue;                           /* make sure we read two fields */
        }
        /* Now skip what we just read... we can't use ANSIism %n */
  --- 686,692 ----
        } /* blank lines and comments are ignored if we aren't printing a menu */
    
    
  !     if (sscanf(input, "%.200s %.200s", directive, value) != 2) {
          continue;                           /* make sure we read two fields */
        }
        /* Now skip what we just read... we can't use ANSIism %n */
  ***************
  *** 698,704 ****
          imap_url(r, NULL, value, mapdflt);
          if (showmenu) {              /* print the default if there's a menu */
    	if (! *href_text) {           /* if we didn't find a "href text" */
  ! 	  strncpy(href_text, mapdflt, SMALLBUF); /* use the href itself as text */
    	}
    	imap_url(r, base, mapdflt, redirect); 
    	menu_default(r, imap_menu, redirect, href_text);
  --- 709,716 ----
          imap_url(r, NULL, value, mapdflt);
          if (showmenu) {              /* print the default if there's a menu */
    	if (! *href_text) {           /* if we didn't find a "href text" */
  ! 	  strncpy(href_text, mapdflt, sizeof(href_text)-1); /* use the href itself as text */
  ! 	  href_text[sizeof(href_text)-1] = '\0';
    	}
    	imap_url(r, base, mapdflt, redirect); 
    	menu_default(r, imap_menu, redirect, href_text);
  ***************
  *** 729,735 ****
        if (showmenu) {
          read_quoted(string_pos, href_text); /* href text could be here instead */
          if (! *href_text) {           /* if we didn't find a "href text" */
  ! 	strncpy(href_text, value, SMALLBUF);  /* use the href itself in the menu */
          }
          imap_url(r, base, value, redirect); 
          menu_directive(r, imap_menu, redirect, href_text);
  --- 741,748 ----
        if (showmenu) {
          read_quoted(string_pos, href_text); /* href text could be here instead */
          if (! *href_text) {           /* if we didn't find a "href text" */
  ! 	strncpy(href_text, value, sizeof(href_text)-1);  /* use the href itself in the menu */
  ! 	href_text[sizeof(href_text)-1] = '\0';
          }
          imap_url(r, base, value, redirect); 
          menu_directive(r, imap_menu, redirect, href_text);
  ***************
  *** 774,780 ****
        if ( ! strcasecmp(directive, "point" ) ) {         /* point */
          
          if (is_closer(testpoint, pointarray, &closest_yet) ) {
  ! 	strncpy(closest, value, SMALLBUF);  /* if the closest point yet save it */
          }
          
          continue;    
  --- 787,794 ----
        if ( ! strcasecmp(directive, "point" ) ) {         /* point */
          
          if (is_closer(testpoint, pointarray, &closest_yet) ) {
  ! 	strncpy(closest, value, sizeof(closest)-1);  /* if the closest point yet save it */
  ! 	closest[sizeof(closest)-1] = '\0';
          }
          
          continue;    
  
  
  
  1.21      +30 -13    apache/src/mod_include.c
  
  Index: mod_include.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_include.c,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -C3 -r1.20 -r1.21
  *** mod_include.c	1997/01/01 18:10:35	1.20
  --- mod_include.c	1997/01/20 04:28:13	1.21
  ***************
  *** 98,104 ****
          table_set(e, "USER_NAME", pw->pw_name);
        } else {
          char uid[16];
  !       sprintf(uid, "user#%lu", (unsigned long)r->finfo.st_uid);
          table_set(e, "USER_NAME", uid);
        }
    
  --- 98,104 ----
          table_set(e, "USER_NAME", pw->pw_name);
        } else {
          char uid[16];
  !       ap_snprintf(uid, sizeof(uid), "user#%lu", (unsigned long)r->finfo.st_uid);
          table_set(e, "USER_NAME", uid);
        }
    
  ***************
  *** 261,267 ****
    		GET_CHAR(in,c,NULL,p);
    	    } while (isspace(c));
                if(c == '>') {
  !                 strcpy(tag,"done");
                    return tag;
                }
            }
  --- 261,268 ----
    		GET_CHAR(in,c,NULL,p);
    	    } while (isspace(c));
                if(c == '>') {
  !                 strncpy(tag,"done", tagbuf_len-1);
  ! 		tag[tagbuf_len-1] = '\0';
                    return tag;
                }
            }
  ***************
  *** 462,468 ****
    	    if (tag[0] == 'f')
    	    { /* be safe; only files in this directory or below allowed */
    		char tmp[MAX_STRING_LEN+2];
  ! 		sprintf(tmp, "/%s/", parsed_string);
    		if (parsed_string[0] == '/' || strstr(tmp, "/../") != NULL)
    		    error_fmt = "unable to include file %s in parsed file %s";
    		else
  --- 463,469 ----
    	    if (tag[0] == 'f')
    	    { /* be safe; only files in this directory or below allowed */
    		char tmp[MAX_STRING_LEN+2];
  ! 		ap_snprintf(tmp, sizeof(tmp), "/%s/", parsed_string);
    		if (parsed_string[0] == '/' || strstr(tmp, "/../") != NULL)
    		    error_fmt = "unable to include file %s in parsed file %s";
    		else
  ***************
  *** 567,574 ****
    #ifdef DEBUG_INCLUDE_CMD    
        fprintf (dbg, "Exec failed\n");
    #endif    
  !     sprintf(err_string, "httpd: exec of %s failed, errno is %d\n",
  ! 	    SHELL_PATH,errno);
        write (2, err_string, strlen(err_string));
        exit(0);
    }
  --- 568,576 ----
    #ifdef DEBUG_INCLUDE_CMD    
        fprintf (dbg, "Exec failed\n");
    #endif    
  !     ap_snprintf(err_string, sizeof(err_string),
  ! 	"httpd: exec of %s failed, errno is %d\n",
  ! 	SHELL_PATH,errno);
        write (2, err_string, strlen(err_string));
        exit(0);
    }
  ***************
  *** 653,658 ****
  --- 655,663 ----
        }
    }
    
  + /* error and tf must point to a string with room for at 
  +  * least MAX_STRING_LEN characters 
  +  */
    int handle_config(FILE *in, request_rec *r, char *error, char *tf,
                      int *sizefmt) {
        char tag[MAX_STRING_LEN];
  ***************
  *** 665,675 ****
                return 1;
            if(!strcmp(tag,"errmsg")) {
                parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0);
  !             strcpy(error,parsed_string);
            } else if(!strcmp(tag,"timefmt")) {
      	    time_t date = r->request_time;
                parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0);
  !             strcpy(tf,parsed_string);
                table_set (env, "DATE_LOCAL", ht_time(r->pool,date,tf,0));
                table_set (env, "DATE_GMT", ht_time(r->pool,date,tf,1));
                table_set (env, "LAST_MODIFIED", ht_time(r->pool,r->finfo.st_mtime,tf,0));
  --- 670,682 ----
                return 1;
            if(!strcmp(tag,"errmsg")) {
                parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0);
  !             strncpy(error,parsed_string,MAX_STRING_LEN-1);
  ! 	    error[MAX_STRING_LEN-1] = '\0';
            } else if(!strcmp(tag,"timefmt")) {
      	    time_t date = r->request_time;
                parse_string(r, tag_val, parsed_string, MAX_STRING_LEN, 0);
  !             strncpy(tf,parsed_string,MAX_STRING_LEN-1);
  ! 	    tf[MAX_STRING_LEN-1] = '\0';
                table_set (env, "DATE_LOCAL", ht_time(r->pool,date,tf,0));
                table_set (env, "DATE_GMT", ht_time(r->pool,date,tf,1));
                table_set (env, "LAST_MODIFIED", ht_time(r->pool,r->finfo.st_mtime,tf,0));
  ***************
  *** 759,767 ****
                    else {
                        int l,x;
    #if defined(BSD) && BSD > 199305
  !                     sprintf(tag,"%qd",finfo.st_size);
    #else
  !                     sprintf(tag,"%ld",finfo.st_size);
    #endif
                        l = strlen(tag); /* grrr */
                        for(x=0;x<l;x++) {
  --- 766,775 ----
                    else {
                        int l,x;
    #if defined(BSD) && BSD > 199305
  ! 		    /* ap_snprintf can't handle %qd */
  !                     sprintf(tag,"%qd", finfo.st_size);
    #else
  !                     ap_snprintf(tag, sizeof(tag), "%ld",finfo.st_size);
    #endif
                        l = strlen(tag); /* grrr */
                        for(x=0;x<l;x++) {
  ***************
  *** 964,971 ****
                switch(current->token.type) {
                  case token_string:
                    if (current->token.value[0] != '\0')
  !                     strncat(current->token.value, " ", MAX_STRING_LEN-1);
  !                 strncat(current->token.value, new->token.value, MAX_STRING_LEN-1);
                    break;
                  case token_eq:
                  case token_ne:
  --- 972,981 ----
                switch(current->token.type) {
                  case token_string:
                    if (current->token.value[0] != '\0')
  !                     strncat(current->token.value, " ", 
  ! 			MAX_STRING_LEN-strlen(current->token.value)-1);
  !                 strncat(current->token.value, new->token.value, 
  ! 			MAX_STRING_LEN-strlen(current->token.value)-1);
                    break;
                  case token_eq:
                  case token_ne:
  ***************
  *** 1188,1193 ****
  --- 1198,1204 ----
    #endif
                parse_string(r, current->token.value, buffer, MAX_STRING_LEN, 0);
                strncpy(current->token.value, buffer, MAX_STRING_LEN-1);
  + 	    current->token.value[MAX_STRING_LEN-1] = '\0';
                current->value = (current->token.value[0] != '\0');
                current->done = 1;
                current = current->parent;
  ***************
  *** 1212,1217 ****
  --- 1223,1229 ----
                                buffer, MAX_STRING_LEN, 0);
                        strncpy(current->left->token.value, buffer,
                                MAX_STRING_LEN-1);
  + 		    current->left->token.value[MAX_STRING_LEN-1] = '\0';
                        current->left->done = 1;
                        break;
                      default:
  ***************
  *** 1226,1231 ****
  --- 1238,1244 ----
                                buffer, MAX_STRING_LEN, 0);
                        strncpy(current->right->token.value, buffer,
                                MAX_STRING_LEN-1);
  + 		    current->right->token.value[MAX_STRING_LEN-1] = '\0';
                        current->right->done = 1;
                        break;
                      default:
  ***************
  *** 1267,1275 ****
  --- 1280,1290 ----
                parse_string(r, current->left->token.value,
                             buffer, MAX_STRING_LEN, 0);
                strncpy(current->left->token.value, buffer, MAX_STRING_LEN-1);
  + 	    current->left->token.value[MAX_STRING_LEN-1] = '\0';
                parse_string(r, current->right->token.value,
                             buffer, MAX_STRING_LEN, 0);
                strncpy(current->right->token.value, buffer, MAX_STRING_LEN-1);
  + 	    current->right->token.value[MAX_STRING_LEN-1] = '\0';
                if (current->right->token.value[0] == '/') {
                    int len;
                    len = strlen(current->right->token.value);
  ***************
  *** 1537,1544 ****
        int printing;
        int conditional_status;
    
  !     strcpy(error,DEFAULT_ERROR_MSG);
  !     strcpy(timefmt,DEFAULT_TIME_FORMAT);
        sizefmt = SIZEFMT_KMG;
    
    /*  Turn printing on */
  --- 1552,1561 ----
        int printing;
        int conditional_status;
    
  !     strncpy(error,DEFAULT_ERROR_MSG, sizeof(error)-1);
  !     error[sizeof(error)-1] = '\0';
  !     strncpy(timefmt,DEFAULT_TIME_FORMAT, sizeof(timefmt)-1);
  !     timefmt[sizeof(timefmt)-1] = '\0';
        sizefmt = SIZEFMT_KMG;
    
    /*  Turn printing on */
  
  
  
  1.10      +27 -22    apache/src/mod_info.c
  
  Index: mod_info.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_info.c,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -C3 -r1.9 -r1.10
  *** mod_info.c	1997/01/12 20:50:29	1.9
  --- mod_info.c	1997/01/20 04:28:14	1.10
  ***************
  *** 88,105 ****
    
    char *mod_info_html_cmd_string(char *string) {
    	char *s,*t;
  ! 	static char ret[64];  /* What is the max size of a command? */
    
    	ret[0]='\0';
    	s = string;
    	t=ret;	
  ! 	while(*s) {
  ! 		if(*s=='<') { strcat(t,"&lt;"); t+=4*sizeof(char); }
  ! 		else if(*s=='>') { strcat(t,"&gt;"); t+=4*sizeof(char); }
    		else *t++=*s;
    		s++;
  - 		*t='\0';
    	}
    	return(ret);
    }
    
  --- 88,110 ----
    
    char *mod_info_html_cmd_string(char *string) {
    	char *s,*t;
  ! 	static char ret[256];  /* What is the max size of a command? */
    
    	ret[0]='\0';
    	s = string;
    	t=ret;	
  ! 	while((*s) && (strlen(t) < 256)) {
  ! 		if(*s=='<') { 
  ! 			strncat(t,"&lt;", sizeof(ret)-strlen(ret));
  ! 			t+=4*sizeof(char);
  ! 		} else if(*s=='>') {
  ! 			strncat(t,"&gt;", sizeof(ret)-strlen(ret));
  ! 			t+=4*sizeof(char);
  ! 		}
    		else *t++=*s;
    		s++;
    	}
  + 	*t='\0';
    	return(ret);
    }
    
  ***************
  *** 244,250 ****
    
    int display_info(request_rec *r) {
    	module *modp = NULL;
  ! 	char buf[256], *cfname;
    	command_rec *cmd=NULL;
    	handler_rec *hand=NULL;
    	server_rec *serv = r->server;
  --- 249,255 ----
    
    int display_info(request_rec *r) {
    	module *modp = NULL;
  ! 	char buf[512], *cfname;
    	command_rec *cmd=NULL;
    	handler_rec *hand=NULL;
    	server_rec *serv = r->server;
  ***************
  *** 286,292 ****
    		if(!r->args) {
    			rputs("<tt><a href=\"#server\">Server Settings</a>, ",r);
    			for(modp = top_module; modp; modp = modp->next) {
  ! 				sprintf(buf,"<a href=\"#%s\">%s</a>",modp->name,modp->name);
    				rputs(buf, r);
    				if(modp->next) rputs(", ",r);
    			}
  --- 291,297 ----
    		if(!r->args) {
    			rputs("<tt><a href=\"#server\">Server Settings</a>, ",r);
    			for(modp = top_module; modp; modp = modp->next) {
  ! 				ap_snprintf(buf, sizeof(buf), "<a href=\"#%s\">%s</a>",modp->name,modp->name);
    				rputs(buf, r);
    				if(modp->next) rputs(", ",r);
    			}
  ***************
  *** 294,335 ****
    
    		}
    		if(!r->args || !strcasecmp(r->args,"server")) {	
  ! 			sprintf(buf,"<a name=\"server\"><strong>Server Version:</strong> <font size=+1><tt>%s</tt></a></font><br>\n",SERVER_VERSION);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>API Version:</strong> <tt>%d</tt><br>\n",MODULE_MAGIC_NUMBER);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>Run Mode:</strong> <tt>%s</tt><br>\n",standalone?"standalone":"inetd");
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>User/Group:</strong> <tt>%s(%d)/%d</tt><br>\n",user_name,(int)user_id,(int)group_id);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>Hostname/port:</strong> <tt>%s:%d</tt><br>\n",serv->server_hostname,serv->port);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>Daemons:</strong> <tt>start: %d &nbsp;&nbsp; min idle: %d &nbsp;&nbsp; max idle: %d &nbsp;&nbsp; max: %d</tt><br>\n",daemons_to_start,daemons_min_free,daemons_max_free,daemons_limit);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>Max Requests:</strong> <tt>per child: %d &nbsp;&nbsp; per connection: %d</tt><br>\n",max_requests_per_child,serv->keep_alive);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>Timeouts:</strong> <tt>connection: %d &nbsp;&nbsp; keep-alive: %d</tt><br>",serv->timeout,serv->keep_alive_timeout);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>Server Root:</strong> <tt>%s</tt><br>\n",server_root);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>Config File:</strong> <tt>%s</tt><br>\n",server_confname);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>PID File:</strong> <tt>%s</tt><br>\n",pid_fname);
    			rputs(buf,r);
  ! 			sprintf(buf,"<strong>Scoreboard File:</strong> <tt>%s</tt><br>\n",scoreboard_fname);
    			rputs(buf,r);
    		}
    		rputs("<hr><dl>",r);
    		for(modp = top_module; modp; modp = modp->next) {
    			if(!r->args || !strcasecmp(modp->name,r->args)) {	
  ! 				sprintf(buf,"<dt><a name=\"%s\"><strong>Module Name:</strong> <font size=+1><tt>%s</tt></a></font>\n",modp->name,modp->name);
    				rputs(buf,r);
    				rputs("<dt><strong>Content-types affected:</strong>",r);	
    				hand = modp->handlers;
    				if(hand) {
    					while(hand) {
    						if(hand->content_type) {
  ! 							sprintf(buf," <tt>%s</tt>\n",hand->content_type);	
    							rputs(buf,r);
    						} else break;
    						hand++;
  --- 299,340 ----
    
    		}
    		if(!r->args || !strcasecmp(r->args,"server")) {	
  ! 			ap_snprintf(buf, sizeof(buf), "<a name=\"server\"><strong>Server Version:</strong> <font size=+1><tt>%s</tt></a></font><br>\n",SERVER_VERSION);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>API Version:</strong> <tt>%d</tt><br>\n",MODULE_MAGIC_NUMBER);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>Run Mode:</strong> <tt>%s</tt><br>\n",standalone?"standalone":"inetd");
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>User/Group:</strong> <tt>%s(%d)/%d</tt><br>\n",user_name,(int)user_id,(int)group_id);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>Hostname/port:</strong> <tt>%s:%d</tt><br>\n",serv->server_hostname,serv->port);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>Daemons:</strong> <tt>start: %d &nbsp;&nbsp; min idle: %d &nbsp;&nbsp; max idle: %d &nbsp;&nbsp; max: %d</tt><br>\n",daemons_to_start,daemons_min_free,daemons_max_free,daemons_limit);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>Max Requests:</strong> <tt>per child: %d &nbsp;&nbsp; per connection: %d</tt><br>\n",max_requests_per_child,serv->keep_alive);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>Timeouts:</strong> <tt>connection: %d &nbsp;&nbsp; keep-alive: %d</tt><br>",serv->timeout,serv->keep_alive_timeout);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>Server Root:</strong> <tt>%s</tt><br>\n",server_root);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>Config File:</strong> <tt>%s</tt><br>\n",server_confname);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>PID File:</strong> <tt>%s</tt><br>\n",pid_fname);
    			rputs(buf,r);
  ! 			ap_snprintf(buf, sizeof(buf), "<strong>Scoreboard File:</strong> <tt>%s</tt><br>\n",scoreboard_fname);
    			rputs(buf,r);
    		}
    		rputs("<hr><dl>",r);
    		for(modp = top_module; modp; modp = modp->next) {
    			if(!r->args || !strcasecmp(modp->name,r->args)) {	
  ! 				ap_snprintf(buf, sizeof(buf), "<dt><a name=\"%s\"><strong>Module Name:</strong> <font size=+1><tt>%s</tt></a></font>\n",modp->name,modp->name);
    				rputs(buf,r);
    				rputs("<dt><strong>Content-types affected:</strong>",r);	
    				hand = modp->handlers;
    				if(hand) {
    					while(hand) {
    						if(hand->content_type) {
  ! 							ap_snprintf(buf, sizeof(buf), " <tt>%s</tt>\n",hand->content_type);	
    							rputs(buf,r);
    						} else break;
    						hand++;
  ***************
  *** 380,386 ****
    				if(cmd) {
    					while(cmd) {
    						if(cmd->name) {
  ! 							sprintf(buf,"<dd><tt>%s - <i>",mod_info_html_cmd_string(cmd->name));	
    							rputs(buf,r);
    							if(cmd->errmsg) rputs(cmd->errmsg,r);
    							rputs("</i></tt>\n",r);
  --- 385,391 ----
    				if(cmd) {
    					while(cmd) {
    						if(cmd->name) {
  ! 							ap_snprintf(buf, sizeof(buf), "<dd><tt>%s - <i>",mod_info_html_cmd_string(cmd->name));	
    							rputs(buf,r);
    							if(cmd->errmsg) rputs(cmd->errmsg,r);
    							rputs("</i></tt>\n",r);
  
  
  
  1.9       +1 -1      apache/src/mod_log_agent.c
  
  Index: mod_log_agent.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_log_agent.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -C3 -r1.8 -r1.9
  *** mod_log_agent.c	1997/01/10 09:34:42	1.8
  --- mod_log_agent.c	1997/01/20 04:28:14	1.9
  ***************
  *** 170,176 ****
        agent = table_get(orig->headers_in, "User-Agent");
        if(agent != NULL) 
          {
  ! 	sprintf(str, "%s\n", agent);
    	write(cls->agent_fd, str, strlen(str));
          }
        
  --- 170,176 ----
        agent = table_get(orig->headers_in, "User-Agent");
        if(agent != NULL) 
          {
  ! 	ap_snprintf(str, sizeof(str), "%s\n", agent);
    	write(cls->agent_fd, str, strlen(str));
          }
        
  
  
  
  1.22      +9 -9      apache/src/mod_log_config.c
  
  Index: mod_log_config.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_log_config.c,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -C3 -r1.21 -r1.22
  *** mod_log_config.c	1997/01/16 08:06:12	1.21
  --- mod_log_config.c	1997/01/20 04:28:14	1.22
  ***************
  *** 224,230 ****
    char *format_integer(pool *p, int i)
    {
        char dummy[40];
  !     sprintf (dummy, "%d", i);
        return pstrdup (p, dummy);
    }
    
  --- 224,230 ----
    char *format_integer(pool *p, int i)
    {
        char dummy[40];
  !     ap_snprintf (dummy, sizeof(dummy), "%d", i);
        return pstrdup (p, dummy);
    }
    
  ***************
  *** 271,277 ****
    	long int bs;
    	char dummy[40];
    	bgetopt(r->connection->client, BO_BYTECT, &bs);
  ! 	sprintf(dummy, "%ld", bs);
    	return pstrdup(r->pool, dummy);
        }
    }
  --- 271,277 ----
    	long int bs;
    	char dummy[40];
    	bgetopt(r->connection->client, BO_BYTECT, &bs);
  ! 	ap_snprintf(dummy, sizeof(dummy), "%ld", bs);
    	return pstrdup(r->pool, dummy);
        }
    }
  ***************
  *** 309,316 ****
    	if(timz < 0) timz = -timz;
    
    	strftime(tstr,MAX_STRING_LEN,"[%d/%b/%Y:%H:%M:%S ",t);
  ! 	sprintf (tstr + strlen(tstr), "%c%.2d%.2d]",
  ! 		 sign, timz/60, timz%60);
        }
    
        return pstrdup (r->pool, tstr);
  --- 309,316 ----
    	if(timz < 0) timz = -timz;
    
    	strftime(tstr,MAX_STRING_LEN,"[%d/%b/%Y:%H:%M:%S ",t);
  ! 	ap_snprintf (tstr + strlen(tstr), sizeof(tstr)-strlen(tstr), 
  ! 		"%c%.2d%.2d]", sign, timz/60, timz%60);
        }
    
        return pstrdup (r->pool, tstr);
  ***************
  *** 319,325 ****
    char *log_request_duration (request_rec *r, char *a) {
        char duration[22];	/* Long enough for 2^64 */
    
  !     sprintf(duration, "%ld", time(NULL) - r->request_time);
        return pstrdup(r->pool, duration);
    }
    
  --- 319,325 ----
    char *log_request_duration (request_rec *r, char *a) {
        char duration[22];	/* Long enough for 2^64 */
    
  !     ap_snprintf(duration, sizeof(duration), "%ld", time(NULL) - r->request_time);
        return pstrdup(r->pool, duration);
    }
    
  ***************
  *** 328,342 ****
    }
    
    char *log_server_port (request_rec *r, char *a) {
  !     char portnum[10];
    
  !     sprintf(portnum, "%d", r->server->port);
        return pstrdup(r->pool, portnum);
    }
    
    char *log_child_pid (request_rec *r, char *a) {
  !     char pidnum[10];
  !     sprintf(pidnum, "%ld", (long)getpid());
        return pstrdup(r->pool, pidnum);
    }
    /*****************************************************************
  --- 328,342 ----
    }
    
    char *log_server_port (request_rec *r, char *a) {
  !     char portnum[22];
    
  !     ap_snprintf(portnum, sizeof(portnum), "%d", r->server->port);
        return pstrdup(r->pool, portnum);
    }
    
    char *log_child_pid (request_rec *r, char *a) {
  !     char pidnum[22];
  !     ap_snprintf(pidnum, sizeof(pidnum), "%ld", (long)getpid());
        return pstrdup(r->pool, pidnum);
    }
    /*****************************************************************
  
  
  
  1.30      +3 -3      apache/src/mod_negotiation.c
  
  Index: mod_negotiation.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_negotiation.c,v
  retrieving revision 1.29
  retrieving revision 1.30
  diff -C3 -r1.29 -r1.30
  *** mod_negotiation.c	1997/01/01 18:10:38	1.29
  --- mod_negotiation.c	1997/01/20 04:28:15	1.30
  ***************
  *** 1653,1661 ****
            char *rec;
            char qstr[6];
            long len;
  !         char lenstr[20];                /* is this long enough? */
    
  !         sprintf(qstr, "%1.3f", variant->type_quality);
    
            /* Strip trailing zeros (saves those valuable network bytes) */
            if (qstr[4] == '0') {
  --- 1653,1661 ----
            char *rec;
            char qstr[6];
            long len;
  !         char lenstr[22];                /* enough for 2^64 */
    
  !         ap_snprintf(qstr, sizeof(qstr), "%1.3f", variant->type_quality);
    
            /* Strip trailing zeros (saves those valuable network bytes) */
            if (qstr[4] == '0') {
  ***************
  *** 1699,1705 ****
                    vary_by_charset = 1;
            }
            if ((len = find_content_length(neg, variant)) != 0) {
  !             sprintf(lenstr, "%ld", len);
                rec = pstrcat(r->pool, rec, " {length ", lenstr, "}", NULL);
            }
            
  --- 1699,1705 ----
                    vary_by_charset = 1;
            }
            if ((len = find_content_length(neg, variant)) != 0) {
  !             ap_snprintf(lenstr, sizeof(lenstr), "%ld", len);
                rec = pstrcat(r->pool, rec, " {length ", lenstr, "}", NULL);
            }
            
  
  
  
  1.15      +109 -70   apache/src/mod_rewrite.c
  
  Index: mod_rewrite.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_rewrite.c,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -C3 -r1.14 -r1.15
  *** mod_rewrite.c	1997/01/16 08:06:13	1.14
  --- mod_rewrite.c	1997/01/20 04:28:15	1.15
  ***************
  *** 891,897 ****
    #endif 
            thisport = "";
        else {
  !         sprintf(buf, ":%d", r->server->port);
            thisport = pstrdup(r->pool, buf);
        }
        thisurl = table_get(r->subprocess_env, ENVVAR_SCRIPT_URL);
  --- 891,897 ----
    #endif 
            thisport = "";
        else {
  !         ap_snprintf(buf, sizeof(buf), ":%d", r->server->port);
            thisport = pstrdup(r->pool, buf);
        }
        thisurl = table_get(r->subprocess_env, ENVVAR_SCRIPT_URL);
  ***************
  *** 1026,1032 ****
                n = prefix_stat(r->filename, &finfo);
                if (n == 0) {
                    if ((cp = document_root(r)) != NULL) {
  !                     strcpy(docroot, cp);
    
                        /* allways NOT have a trailing slash */
                        l = strlen(docroot);
  --- 1026,1033 ----
                n = prefix_stat(r->filename, &finfo);
                if (n == 0) {
                    if ((cp = document_root(r)) != NULL) {
  !                     strncpy(docroot, cp, sizeof(docroot)-1);
  ! 		    docroot[sizeof(docroot)-1] = '\0';
    
                        /* allways NOT have a trailing slash */
                        l = strlen(docroot);
  ***************
  *** 1471,1489 ****
            if (p->flags & RULEFLAG_PROXY) {
                if (p->flags & RULEFLAG_NOTMATCH) {
                    output = pstrcat(r->pool, "proxy:", output, NULL);
  !                 strcpy(newuri, output);
  !                 expand_variables_inbuffer(r, newuri);                /* expand %{...} */
  !                 expand_map_lookups(r, newuri);                       /* expand ${...} */
                }
                else {
                    output = pstrcat(r->pool, "proxy:", output, NULL);
    #ifdef HAS_APACHE_REGEX_LIB
  !                 strcpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch));    /* substitute in output */
    #else
                    regsub(regexp, output, newuri);                      /* substitute in output */
    #endif
  !                 expand_variables_inbuffer(r, newuri);                /* expand %{...} */
  !                 expand_map_lookups(r, newuri);                       /* expand ${...} */
                }
                if (perdir == NULL)
                    rewritelog(r, 2, "rewrite %s -> %s", r->filename, newuri);
  --- 1472,1492 ----
            if (p->flags & RULEFLAG_PROXY) {
                if (p->flags & RULEFLAG_NOTMATCH) {
                    output = pstrcat(r->pool, "proxy:", output, NULL);
  !                 strncpy(newuri, output, sizeof(newuri)-1);
  ! 		newuri[sizeof(newuri)-1] = '\0';
  !                 expand_variables_inbuffer(r, newuri, sizeof(newuri));/* expand %{...} */
  !                 expand_map_lookups(r, newuri, sizeof(newuri));       /* expand ${...} */
                }
                else {
                    output = pstrcat(r->pool, "proxy:", output, NULL);
    #ifdef HAS_APACHE_REGEX_LIB
  !                 strncpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch), sizeof(newuri)-1);    /* substitute in output */
  ! 		newuri[sizeof(newuri)-1] = '\0';
    #else
                    regsub(regexp, output, newuri);                      /* substitute in output */
    #endif
  !                 expand_variables_inbuffer(r, newuri, sizeof(newuri));   /* expand %{...} */
  !                 expand_map_lookups(r, newuri, sizeof(newuri));          /* expand ${...} */
                }
                if (perdir == NULL)
                    rewritelog(r, 2, "rewrite %s -> %s", r->filename, newuri);
  ***************
  *** 1503,1520 ****
            if (perdir != NULL && strncmp(output, "http://", 7) == 0) {
    #endif
                if (p->flags & RULEFLAG_NOTMATCH) {
  !                 strcpy(newuri, output);
  !                 expand_variables_inbuffer(r, newuri);                /* expand %{...} */
  !                 expand_map_lookups(r, newuri);                       /* expand ${...} */
                }
                else {
    #ifdef HAS_APACHE_REGEX_LIB
  !                 strcpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch));    /* substitute in output */
    #else
                    regsub(regexp, output, newuri);                      /* substitute in output */
    #endif
  !                 expand_variables_inbuffer(r, newuri);                /* expand %{...} */
  !                 expand_map_lookups(r, newuri);                       /* expand ${...} */
                }
                rewritelog(r, 2, "[per-dir %s] redirect %s -> %s", perdir, r->filename, newuri);
                r->filename = pstrdup(r->pool, newuri);
  --- 1506,1525 ----
            if (perdir != NULL && strncmp(output, "http://", 7) == 0) {
    #endif
                if (p->flags & RULEFLAG_NOTMATCH) {
  !                 strncpy(newuri, output, sizeof(newuri)-1);
  ! 		newuri[sizeof(newuri)-1] = '\0';
  !                 expand_variables_inbuffer(r, newuri, sizeof(newuri));/* expand %{...} */
  !                 expand_map_lookups(r, newuri, sizeof(newuri));       /* expand ${...} */
                }
                else {
    #ifdef HAS_APACHE_REGEX_LIB
  !                 strncpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch), sizeof(newuri)-1);    /* substitute in output */
  ! 		newuri[sizeof(newuri)-1] = '\0';
    #else
                    regsub(regexp, output, newuri);                      /* substitute in output */
    #endif
  !                 expand_variables_inbuffer(r, newuri, sizeof(newuri));/* expand %{...} */
  !                 expand_map_lookups(r, newuri, sizeof(newuri));       /* expand ${...} */
                }
                rewritelog(r, 2, "[per-dir %s] redirect %s -> %s", perdir, r->filename, newuri);
                r->filename = pstrdup(r->pool, newuri);
  ***************
  *** 1532,1549 ****
    
            if (p->flags & RULEFLAG_NOTMATCH) {
                /* just overtake the URI */
  !             strcpy(newuri, output);
            }
            else {
                /* substitute in output */
    #ifdef HAS_APACHE_REGEX_LIB
  !             strcpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch));    /* substitute in output */
    #else
                regsub(regexp, output, newuri);                      /* substitute in output */
    #endif
            }
  !         expand_variables_inbuffer(r, newuri);  /* expand %{...} */
  !         expand_map_lookups(r, newuri);         /* expand ${...} */
    
            if (perdir == NULL)
                rewritelog(r, 2, "rewrite %s -> %s", uri, newuri);
  --- 1537,1556 ----
    
            if (p->flags & RULEFLAG_NOTMATCH) {
                /* just overtake the URI */
  !             strncpy(newuri, output, sizeof(newuri)-1);
  ! 	    newuri[sizeof(newuri)-1] = '\0';
            }
            else {
                /* substitute in output */
    #ifdef HAS_APACHE_REGEX_LIB
  !             strncpy(newuri, pregsub(r->pool, output, uri, regexp->re_nsub+1, regmatch), sizeof(newuri)-1);    /* substitute in output */
  ! 	    newuri[sizeof(newuri-1)] = '\0'; 
    #else
                regsub(regexp, output, newuri);                      /* substitute in output */
    #endif
            }
  !         expand_variables_inbuffer(r, newuri, sizeof(newuri));  /* expand %{...} */
  !         expand_map_lookups(r, newuri, sizeof(newuri));   /* expand ${...} */
    
            if (perdir == NULL)
                rewritelog(r, 2, "rewrite %s -> %s", uri, newuri);
  ***************
  *** 1586,1603 ****
    #endif
                        strcpy(port, "");
                    else 
  !                     sprintf(port, ":%d", r->server->port);
                    if (r->filename[0] == '/')
    #ifdef APACHE_SSL
  !                     sprintf(newuri, "%s://%s%s%s", http_method(r), r->server->server_hostname, port, r->filename);
    #else
  !                     sprintf(newuri, "http://%s%s%s", r->server->server_hostname, port, r->filename);
    #endif
                    else
    #ifdef APACHE_SSL
  !                     sprintf(newuri, "%s://%s%s/%s", http_method(r), r->server->server_hostname, port, r->filename);
    #else
  !                     sprintf(newuri, "http://%s%s/%s", r->server->server_hostname, port, r->filename);
    #endif
                    if (perdir == NULL) 
                        rewritelog(r, 2, "prepare forced redirect %s -> %s", r->filename, newuri);
  --- 1593,1610 ----
    #endif
                        strcpy(port, "");
                    else 
  !                     ap_snprintf(port, sizeof(port), ":%d", r->server->port);
                    if (r->filename[0] == '/')
    #ifdef APACHE_SSL
  !                     ap_snprintf(newuri, sizeof(newuri), "%s://%s%s%s", http_method(r), r->server->server_hostname, port, r->filename);
    #else
  !                     ap_snprintf(newuri, sizeof(newuri), "http://%s%s%s", r->server->server_hostname, port, r->filename);
    #endif
                    else
    #ifdef APACHE_SSL
  !                     ap_snprintf(newuri, sizeof(newuri), "%s://%s%s/%s", http_method(r), r->server->server_hostname, port, r->filename);
    #else
  !                     ap_snprintf(newuri, sizeof(newuri), "http://%s%s/%s", r->server->server_hostname, port, r->filename);
    #endif
                    if (perdir == NULL) 
                        rewritelog(r, 2, "prepare forced redirect %s -> %s", r->filename, newuri);
  ***************
  *** 1653,1664 ****
            rc = (regexec(p->regexp, input, 0, NULL, 0) == 0);
    #else
            if (p->flags & CONDFLAG_NOCASE) {
  !             for (i = 0; input[i] != '\0'; i++)
                    inputbuf[i] = tolower(input[i]);
                inputbuf[i] = '\0';
            }
            else {
  !             strcpy(inputbuf, input);
            }
            rc = (regexec(p->regexp, inputbuf) != 0);
    #endif
  --- 1660,1672 ----
            rc = (regexec(p->regexp, input, 0, NULL, 0) == 0);
    #else
            if (p->flags & CONDFLAG_NOCASE) {
  !             for (i = 0; input[i] != '\0' && i < sizeof(inputbuf)-1 ; i++)
                    inputbuf[i] = tolower(input[i]);
                inputbuf[i] = '\0';
            }
            else {
  !             strncpy(inputbuf, input, sizeof(inputbuf)-1);
  ! 	    inputbuf[sizeof(inputbuf)-1] = '\0';
            }
            rc = (regexec(p->regexp, inputbuf) != 0);
    #endif
  ***************
  *** 1743,1759 ****
    
            /* cut the hostname and port out of the URI */
    #ifdef APACHE_SSL
  !         strcpy(buf, r->filename+strlen(http_method(r))+3);
    #else
  !         strcpy(buf, r->filename+7);
    #endif
            hostp = buf;
            for (cp = hostp; *cp != '\0' && *cp != '/' && *cp != ':'; cp++)
                ;
            if (*cp == ':') {
                /* set host */
                *cp++ = '\0';
  !             strcpy(host, hostp);
                /* set port */
                portp = cp;
                for (; *cp != '\0' && *cp != '/'; cp++)
  --- 1751,1769 ----
    
            /* cut the hostname and port out of the URI */
    #ifdef APACHE_SSL
  !         strncpy(buf, r->filename+strlen(http_method(r))+3, sizeof(buf)-1);
    #else
  !         strncpy(buf, r->filename+7, sizeof(buf)-1);
    #endif
  + 	buf[sizeof(buf)-1] = '\0';
            hostp = buf;
            for (cp = hostp; *cp != '\0' && *cp != '/' && *cp != ':'; cp++)
                ;
            if (*cp == ':') {
                /* set host */
                *cp++ = '\0';
  !             strncpy(host, hostp, sizeof(host)-1);
  ! 	    host[sizeof(host)-1] = '\0';
                /* set port */
                portp = cp;
                for (; *cp != '\0' && *cp != '/'; cp++)
  ***************
  *** 1768,1774 ****
            else if (*cp == '/') {
                /* set host */
                *cp = '\0';
  !             strcpy(host, hostp);
                *cp = '/';
                /* set port */
                port = 80;
  --- 1778,1785 ----
            else if (*cp == '/') {
                /* set host */
                *cp = '\0';
  !             strncpy(host, hostp, sizeof(host)-1);
  ! 	    host[sizeof(host)-1] = '\0';
                *cp = '/';
                /* set port */
                port = 80;
  ***************
  *** 1777,1783 ****
            }
            else {
                /* set host */
  !             strcpy(host, hostp);
                /* set port */
                port = 80;
                /* set remaining url */
  --- 1788,1795 ----
            }
            else {
                /* set host */
  !             strncpy(host, hostp, sizeof(host)-1);
  ! 	    host[sizeof(host)-1] = '\0';
                /* set port */
                port = 80;
                /* set remaining url */
  ***************
  *** 1812,1818 ****
        newuri = uri;
        if (uri != NULL && strlen(uri) > 2 && uri[0] == '/' && uri[1] == '~') {
            /* cut out the username */
  !         for (j = 0, i = 2; uri[i] != '\0' && 
                           (   (uri[i] >= '0' && uri[i] <= '9')
                            || (uri[i] >= 'a' && uri[i] <= 'z')
                            || (uri[i] >= 'A' && uri[i] <= 'Z')); )
  --- 1824,1830 ----
        newuri = uri;
        if (uri != NULL && strlen(uri) > 2 && uri[0] == '/' && uri[1] == '~') {
            /* cut out the username */
  !         for (j = 0, i = 2; j < sizeof(user)-1 && uri[i] != '\0' && 
                           (   (uri[i] >= '0' && uri[i] <= '9')
                            || (uri[i] >= 'a' && uri[i] <= 'z')
                            || (uri[i] >= 'A' && uri[i] <= 'Z')); )
  ***************
  *** 1846,1852 ****
    **
    */
    
  ! static void expand_map_lookups(request_rec *r, char *uri)
    {
        char newuri[MAX_STRING_LEN];
        char *cpI;
  --- 1858,1865 ----
    **
    */
    
  ! #define limit_length(n)	(n > LONG_STRING_LEN-1 ? LONG_STRING_LEN-1 : n)
  ! static void expand_map_lookups(request_rec *r, char *uri, int uri_len)
    {
        char newuri[MAX_STRING_LEN];
        char *cpI;
  ***************
  *** 1876,1902 ****
    
                cpT = strchr(cpI, ':');
                n = cpT-cpI;
  !             memcpy(mapname, cpI, n);
  !             mapname[n] = '\0';
                cpI += n+1;
    
                cpT2 = strchr(cpI, '|');
                cpT = strchr(cpI, '}');
                if (cpT2 != NULL && cpT2 < cpT) {
                    n = cpT2-cpI;
  !                 memcpy(mapkey, cpI, n);
  !                 mapkey[n] = '\0';
                    cpI += n+1;
    
                    n = cpT-cpI;
  !                 memcpy(defaultvalue, cpI, n);
  !                 defaultvalue[n] = '\0';
                    cpI += n+1;
                }
                else {
                    n = cpT-cpI;
  !                 memcpy(mapkey, cpI, n);
  !                 mapkey[n] = '\0';
                    cpI += n+1;
    
                    defaultvalue[0] = '\0';
  --- 1889,1915 ----
    
                cpT = strchr(cpI, ':');
                n = cpT-cpI;
  !             memcpy(mapname, cpI, limit_length(n));
  !             mapname[limit_length(n)] = '\0';
                cpI += n+1;
    
                cpT2 = strchr(cpI, '|');
                cpT = strchr(cpI, '}');
                if (cpT2 != NULL && cpT2 < cpT) {
                    n = cpT2-cpI;
  !                 memcpy(mapkey, cpI, limit_length(n));
  !                 mapkey[limit_length(n)] = '\0';
                    cpI += n+1;
    
                    n = cpT-cpI;
  !                 memcpy(defaultvalue, cpI, limit_length(n));
  !                 defaultvalue[limit_length(n)] = '\0';
                    cpI += n+1;
                }
                else {
                    n = cpT-cpI;
  !                 memcpy(mapkey, cpI, limit_length(n));
  !                 mapkey[limit_length(n)] = '\0';
                    cpI += n+1;
    
                    defaultvalue[0] = '\0';
  ***************
  *** 1905,1915 ****
  --- 1918,1936 ----
                cpT = lookup_map(r, mapname, mapkey);
                if (cpT != NULL) {
                    n = strlen(cpT);
  + 		if (cpO + n >= newuri + sizeof(newuri)) {
  + 		    log_printf(r->server, "insufficient space in expand_map_lookups, aborting");
  + 		    return;
  + 		}
                    memcpy(cpO, cpT, n);
                    cpO += n;
                }
                else {
                    n = strlen(defaultvalue);
  + 		if (cpO + n >= newuri + sizeof(newuri)) {
  + 		    log_printf(r->server, "insufficient space in expand_map_lookups, aborting");
  + 		    return;
  + 		}
                    memcpy(cpO, defaultvalue, n);
                    cpO += n;
                }
  ***************
  *** 1919,1933 ****
                if (cpT == NULL)
                    cpT = cpI+strlen(cpI);
                n = cpT-cpI;
                memcpy(cpO, cpI, n);
                cpO += n;
                cpI += n;
            }
        }
        *cpO = '\0';
  !     strcpy(uri, newuri);
        return;
    }
    
    
    
  --- 1940,1960 ----
                if (cpT == NULL)
                    cpT = cpI+strlen(cpI);
                n = cpT-cpI;
  + 	    if (cpO + n >= newuri + sizeof(newuri)) {
  + 		log_printf(r->server, "insufficient space in expand_map_lookups, aborting");
  + 		return;
  + 	    }
                memcpy(cpO, cpI, n);
                cpO += n;
                cpI += n;
            }
        }
        *cpO = '\0';
  !     strncpy(uri, newuri, uri_len-1);
  !     uri[uri_len-1] = '\0';
        return;
    }
  + #undef limit_length
    
    
    
  ***************
  *** 2034,2040 ****
        if ((fp = pfopen(r->pool, file, "r")) == NULL)
            return NULL;
    
  !     strcpy(output,  MAPFILE_OUTPUT);
        while (fgets(line, sizeof(line), fp) != NULL) {
            if (line[strlen(line)-1] == '\n')
                line[strlen(line)-1] = '\0';
  --- 2061,2068 ----
        if ((fp = pfopen(r->pool, file, "r")) == NULL)
            return NULL;
    
  !     strncpy(output,  MAPFILE_OUTPUT, sizeof(output)-1);
  !     output[sizeof(output)-1] = '\0';
        while (fgets(line, sizeof(line), fp) != NULL) {
            if (line[strlen(line)-1] == '\n')
                line[strlen(line)-1] = '\0';
  ***************
  *** 2044,2050 ****
            if (regexec(lookup_map_txtfile_regexp, line) != 0) {
    #endif
    #ifdef HAS_APACHE_REGEX_LIB
  !             strcpy(result, pregsub(r->pool, output, line, lookup_map_txtfile_regexp->re_nsub+1, lookup_map_txtfile_regmatch)); /* substitute in output */
    #else
                regsub(lookup_map_txtfile_regexp, output, result);
    #endif
  --- 2072,2079 ----
            if (regexec(lookup_map_txtfile_regexp, line) != 0) {
    #endif
    #ifdef HAS_APACHE_REGEX_LIB
  !             strncpy(result, pregsub(r->pool, output, line, lookup_map_txtfile_regexp->re_nsub+1, lookup_map_txtfile_regmatch), sizeof(result)-1); /* substitute in output */
  ! 	    result[sizeof(result)-1] = '\0';
    #else
                regsub(lookup_map_txtfile_regexp, output, result);
    #endif
  ***************
  *** 2073,2079 ****
        char buf[MAX_STRING_LEN];
    
        dbmkey.dptr  = key;
  !     dbmkey.dsize = strlen(key);
        if ((dbmfp = dbm_open(file, O_RDONLY, 0666)) != NULL) {
            dbmval = dbm_fetch(dbmfp, dbmkey);
            if (dbmval.dptr != NULL) {
  --- 2102,2108 ----
        char buf[MAX_STRING_LEN];
    
        dbmkey.dptr  = key;
  !     dbmkey.dsize = strlen(key) < sizeof(buf) - 1 : strlen(key) ? sizeof(buf)-1;
        if ((dbmfp = dbm_open(file, O_RDONLY, 0666)) != NULL) {
            dbmval = dbm_fetch(dbmfp, dbmkey);
            if (dbmval.dptr != NULL) {
  ***************
  *** 2099,2105 ****
    
        /* read in the response value */
        i = 0;
  !     while (read(fpout, &c, 1) == 1 && (i < LONG_STRING_LEN)) {
            if (c == '\n')
                break;
            buf[i++] = c;
  --- 2128,2134 ----
    
        /* read in the response value */
        i = 0;
  !     while (read(fpout, &c, 1) == 1 && (i < LONG_STRING_LEN-1)) {
            if (c == '\n')
                break;
            buf[i++] = c;
  ***************
  *** 2216,2236 ****
                                (connect->remote_logname != NULL ? connect->remote_logname : "-"), " ",
                                ruser,
                                NULL);
  !     vsprintf(str2, text, ap);
    
  !     if (r->main == NULL)
  !         strcpy(type, "initial");
  !     else
  !         strcpy(type, "subreq");
    
        for (i = 0, req = r->prev; req != NULL; req = req->prev) 
            ;
        if (i == 0)
            strcpy(redir, "");
        else
  !         sprintf(redir, "/redir#%d", i);
    
  !     sprintf(str3, "%s %s [%s/sid#%x][rid#%x/%s%s] (%d) %s\n", str1, current_logtime(r), r->server->server_hostname, (unsigned int)(r->server), (unsigned int)r, type, redir, level, str2);
    
        write(conf->rewritelogfp, str3, strlen(str3));
    
  --- 2245,2268 ----
                                (connect->remote_logname != NULL ? connect->remote_logname : "-"), " ",
                                ruser,
                                NULL);
  !     ap_vsnprintf(str2, sizeof(str2), text, ap);
    
  !     if (r->main == NULL) {
  !         strncpy(type, "initial", sizeof(type)-1);
  ! 	type[sizeof(type)-1] = '\0';
  !     } else {
  !         strncpy(type, "subreq", sizeof(type)-1);
  ! 	type[sizeof(type)-1] = '\0';
  !     }
    
        for (i = 0, req = r->prev; req != NULL; req = req->prev) 
            ;
        if (i == 0)
            strcpy(redir, "");
        else
  !         ap_snprintf(redir, sizeof(redir), "/redir#%d", i);
    
  !     ap_snprintf(str3, sizeof(str3), "%s %s [%s/sid#%x][rid#%x/%s%s] (%d) %s\n", str1, current_logtime(r), r->server->server_hostname, (unsigned int)(r->server), (unsigned int)r, type, redir, level, str2);
    
        write(conf->rewritelogfp, str3, strlen(str3));
    
  ***************
  *** 2254,2265 ****
        if(timz < 0) 
            timz = -timz;
    
  !     strftime(tstr, MAX_STRING_LEN,"[%d/%b/%Y:%H:%M:%S ",t);
    
    #ifdef IS_APACHE_12
  !     sprintf(tstr + strlen(tstr), "%c%.2d%.2d]", sign, timz/60, timz%60);
    #else
  !     sprintf(tstr + strlen(tstr), "%c%02ld%02ld]", sign, timz/3600, timz%3600);
    #endif
    
        return pstrdup(r->pool, tstr);
  --- 2286,2297 ----
        if(timz < 0) 
            timz = -timz;
    
  !     strftime(tstr, 80,"[%d/%b/%Y:%H:%M:%S ",t);
    
    #ifdef IS_APACHE_12
  !     ap_snprintf(tstr + strlen(tstr), 80-strlen(tstr), "%c%.2d%.2d]", sign, timz/60, timz%60);
    #else
  !     ap_snprintf(tstr + strlen(tstr), 80-strlen(tstr), "%c%02ld%02ld]", sign, timz/3600, timz%3600);
    #endif
    
        return pstrdup(r->pool, tstr);
  ***************
  *** 2341,2352 ****
    */
    
    
  ! static void expand_variables_inbuffer(request_rec *r, char *buf)
    {
        char *newbuf;
        newbuf = expand_variables(r, buf);
  !     if (strcmp(newbuf, buf) != 0)
  !         strcpy(buf, newbuf);
        return;
    }
    
  --- 2373,2386 ----
    */
    
    
  ! static void expand_variables_inbuffer(request_rec *r, char *buf, int buf_len)
    {
        char *newbuf;
        newbuf = expand_variables(r, buf);
  !     if (strcmp(newbuf, buf) != 0) {
  !         strncpy(buf, newbuf, buf_len-1);
  ! 	buf[buf_len-1] = '\0';
  !     }
        return;
    }
    
  ***************
  *** 2359,2383 ****
        char *cp3;
        int expanded;
    
  !     strcpy(input, str);
        output[0] = '\0';
        expanded = 0;
        for (cp = input; cp < input+MAX_STRING_LEN; ) {
            if ((cp2 = strstr(cp, "%{")) != NULL) {
                if ((cp3 = strstr(cp2, "}")) != NULL) {
                    *cp2 = '\0';
  !                 strcpy(&output[strlen(output)], cp);
  ! 
                    cp2 += 2;
                    *cp3 = '\0';
  !                 strcpy(&output[strlen(output)], lookup_variable(r, cp2));
    
                    cp = cp3+1;
                    expanded = 1;
                    continue;
                }
            }
  !         strcpy(&output[strlen(output)], cp);
            break;
        }
        return expanded ? pstrdup(r->pool, output) : str;
  --- 2393,2418 ----
        char *cp3;
        int expanded;
    
  !     strncpy(input, str, sizeof(input)-1);
  !     input[sizeof(input)-1] = '\0';
        output[0] = '\0';
        expanded = 0;
        for (cp = input; cp < input+MAX_STRING_LEN; ) {
            if ((cp2 = strstr(cp, "%{")) != NULL) {
                if ((cp3 = strstr(cp2, "}")) != NULL) {
                    *cp2 = '\0';
  !                 strncpy(&output[strlen(output)], cp, sizeof(output)-strlen(output)-1);
                    cp2 += 2;
                    *cp3 = '\0';
  !                 strncpy(&output[strlen(output)], lookup_variable(r, cp2), sizeof(output)-strlen(output)-1);
    
                    cp = cp3+1;
                    expanded = 1;
                    continue;
                }
            }
  !         strncpy(&output[strlen(output)], cp, sizeof(output)-strlen(output)-1);
  ! 	output[sizeof(output)-1] = '\0';
            break;
        }
        return expanded ? pstrdup(r->pool, output) : str;
  ***************
  *** 2468,2474 ****
            result = r->server->server_hostname;
        }
        else if (strcasecmp(var, "SERVER_PORT") == 0) {
  !         sprintf(resultbuf, "%d", r->server->port);
            result = resultbuf;
        }
        else if (strcasecmp(var, "SERVER_PROTOCOL") == 0) {
  --- 2503,2509 ----
            result = r->server->server_hostname;
        }
        else if (strcasecmp(var, "SERVER_PORT") == 0) {
  !         ap_snprintf(resultbuf, sizeof(resultbuf), "%d", r->server->port);
            result = resultbuf;
        }
        else if (strcasecmp(var, "SERVER_PROTOCOL") == 0) {
  ***************
  *** 2478,2484 ****
            result = pstrdup(r->pool, SERVER_VERSION);
        }
        else if (strcasecmp(var, "API_VERSION") == 0) { /* non-standard */
  !         sprintf(resultbuf, "%d", MODULE_MAGIC_NUMBER);
            result = resultbuf;
        }
    
  --- 2513,2519 ----
            result = pstrdup(r->pool, SERVER_VERSION);
        }
        else if (strcasecmp(var, "API_VERSION") == 0) { /* non-standard */
  !         ap_snprintf(resultbuf, sizeof(resultbuf), "%d", MODULE_MAGIC_NUMBER);
            result = resultbuf;
        }
    
  ***************
  *** 2486,2498 ****
        else if (strcasecmp(var, "TIME_YEAR") == 0) {
            tc = time(NULL); 
            tm = localtime(&tc); 
  !         sprintf(resultbuf, "%02d%02d", (tm->tm_year / 100) + 19, tm->tm_year % 100);
            result = resultbuf;
        }
    #define MKTIMESTR(format, tmfield) \
        tc = time(NULL); \
        tm = localtime(&tc); \
  !     sprintf(resultbuf, format, tm->tmfield); \
        result = resultbuf;
        else if (strcasecmp(var, "TIME_MON") == 0) {
            MKTIMESTR("%02d", tm_mon+1)
  --- 2521,2533 ----
        else if (strcasecmp(var, "TIME_YEAR") == 0) {
            tc = time(NULL); 
            tm = localtime(&tc); 
  !         ap_snprintf(resultbuf, sizeof(resultbuf), "%02d%02d", (tm->tm_year / 100) + 19, tm->tm_year % 100);
            result = resultbuf;
        }
    #define MKTIMESTR(format, tmfield) \
        tc = time(NULL); \
        tm = localtime(&tc); \
  !     ap_snprintf(resultbuf, sizeof(resultbuf), format, tm->tmfield); \
        result = resultbuf;
        else if (strcasecmp(var, "TIME_MON") == 0) {
            MKTIMESTR("%02d", tm_mon+1)
  ***************
  *** 2684,2690 ****
        output = input;
    
        /* first, remove the local directory prefix */
  !     strcpy(matchbuf, match);
        /* allways have a trailing slash */
        l = strlen(matchbuf);
        if (matchbuf[l-1] != '/') {
  --- 2719,2727 ----
        output = input;
    
        /* first, remove the local directory prefix */
  !     strncpy(matchbuf, match, sizeof(matchbuf)-1);
  !     matchbuf[sizeof(matchbuf)-1] = '\0';
  ! 
        /* allways have a trailing slash */
        l = strlen(matchbuf);
        if (matchbuf[l-1] != '/') {
  ***************
  *** 2697,2703 ****
            output = pstrdup(r->pool, output+l); 
    
            /* and now add the base-URL as replacement prefix */
  !         strcpy(substbuf, subst);
            /* allways have a trailing slash */
            l = strlen(substbuf);
            if (substbuf[l-1] != '/') {
  --- 2734,2741 ----
            output = pstrdup(r->pool, output+l); 
    
            /* and now add the base-URL as replacement prefix */
  !         strncpy(substbuf, subst, sizeof(substbuf)-1);
  ! 	substbuf[sizeof(substbuf)-1] = '\0';
            /* allways have a trailing slash */
            l = strlen(substbuf);
            if (substbuf[l-1] != '/') {
  ***************
  *** 2806,2812 ****
        char curpath[LONG_STRING_LEN];
        char *cp;
    
  !     strcpy(curpath, path);
        if (curpath[0] != '/') 
            return 0;
        if ((cp = strchr(curpath+1, '/')) != NULL)
  --- 2844,2851 ----
        char curpath[LONG_STRING_LEN];
        char *cp;
    
  !     strncpy(curpath, path, sizeof(curpath)-1);
  !     curpath[sizeof(curpath)-1] = '\0';
        if (curpath[0] != '/') 
            return 0;
        if ((cp = strchr(curpath+1, '/')) != NULL)
  
  
  
  1.15      +2 -2      apache/src/mod_rewrite.h
  
  Index: mod_rewrite.h
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_rewrite.h,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -C3 -r1.14 -r1.15
  *** mod_rewrite.h	1997/01/01 18:10:40	1.14
  --- mod_rewrite.h	1997/01/20 04:28:16	1.15
  ***************
  *** 333,339 ****
    static void  splitout_queryargs(request_rec *r);
    static void  reduce_uri(request_rec *r);
    static char *expand_tildepaths(request_rec *r, char *uri);
  ! static void  expand_map_lookups(request_rec *r, char *uri);
    
        /* DBM hashfile support functions */
    static char *lookup_map(request_rec *r, char *name, char *key);
  --- 333,339 ----
    static void  splitout_queryargs(request_rec *r);
    static void  reduce_uri(request_rec *r);
    static char *expand_tildepaths(request_rec *r, char *uri);
  ! static void  expand_map_lookups(request_rec *r, char *uri, int uri_len);
    
        /* DBM hashfile support functions */
    static char *lookup_map(request_rec *r, char *name, char *key);
  ***************
  *** 354,360 ****
    static void  rewritemap_program_child(void *cmd);
    
        /* env variable support */
  ! static void  expand_variables_inbuffer(request_rec *r, char *buf);
    static char *expand_variables(request_rec *r, char *str);
    static char *lookup_variable(request_rec *r, char *var);
    static char *lookup_header(request_rec *r, const char *name);
  --- 354,360 ----
    static void  rewritemap_program_child(void *cmd);
    
        /* env variable support */
  ! static void  expand_variables_inbuffer(request_rec *r, char *buf, int buf_len);
    static char *expand_variables(request_rec *r, char *str);
    static char *lookup_variable(request_rec *r, char *var);
    static char *lookup_header(request_rec *r, const char *name);
  
  
  
  1.8       +6 -5      apache/src/mod_usertrack.c
  
  Index: mod_usertrack.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_usertrack.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -C3 -r1.7 -r1.8
  *** mod_usertrack.c	1997/01/01 18:10:42	1.7
  --- mod_usertrack.c	1997/01/20 04:28:16	1.8
  ***************
  *** 121,128 ****
        cookie_log_state *cls = get_module_config (r->server->module_config,
    					       &usertrack_module);
        struct timeval tv;
  !     char *new_cookie = palloc( r->pool, 100);	/* 100 = blurgh */
  !     char *cookiebuf = palloc( r->pool, 100);
        char *dot;
        const char *rname = pstrdup(r->pool, 
    		       	    get_remote_host(r->connection, r->per_dir_config,
  --- 121,129 ----
        cookie_log_state *cls = get_module_config (r->server->module_config,
    					       &usertrack_module);
        struct timeval tv;
  !     /* 1024 == hardcoded constants */
  !     char *new_cookie = palloc( r->pool, 1024);	
  !     char *cookiebuf = palloc( r->pool, 1024);
        char *dot;
        const char *rname = pstrdup(r->pool, 
    		       	    get_remote_host(r->connection, r->per_dir_config,
  ***************
  *** 133,139 ****
        if ((dot = strchr(rname,'.'))) *dot='\0';	/* First bit of hostname */
        gettimeofday(&tv, &tz);
    
  !     sprintf(cookiebuf, "%s%d%ld%d", rname, (int)getpid(),
    	      (long)tv.tv_sec, (int)tv.tv_usec/1000);	    
    
        if (cls->expires) {
  --- 134,140 ----
        if ((dot = strchr(rname,'.'))) *dot='\0';	/* First bit of hostname */
        gettimeofday(&tv, &tz);
    
  !     ap_snprintf(cookiebuf, 1024, "%s%d%ld%d", rname, (int)getpid(),
    	      (long)tv.tv_sec, (int)tv.tv_usec/1000);	    
    
        if (cls->expires) {
  ***************
  *** 154,160 ****
          tms = gmtime(&when);
    
          /* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
  !       sprintf(new_cookie,
    	   "%s%s; path=/; expires=%s, %.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
    	      COOKIE_NAME, cookiebuf, days[tms->tm_wday],
    	      tms->tm_mday, month_snames[tms->tm_mon],
  --- 155,161 ----
          tms = gmtime(&when);
    
          /* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
  !       ap_snprintf(new_cookie, 1024,
    	   "%s%s; path=/; expires=%s, %.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
    	      COOKIE_NAME, cookiebuf, days[tms->tm_wday],
    	      tms->tm_mday, month_snames[tms->tm_mon],
  ***************
  *** 162,168 ****
    	      tms->tm_hour, tms->tm_min, tms->tm_sec);
        }
        else
  !       sprintf(new_cookie,"%s%s; path=/", COOKIE_NAME, cookiebuf);
    
        table_set(r->headers_out,"Set-Cookie",new_cookie);
        table_set(r->notes, "cookie", cookiebuf); /* log first time */
  --- 163,169 ----
    	      tms->tm_hour, tms->tm_min, tms->tm_sec);
        }
        else
  !       ap_snprintf(new_cookie, 1024, "%s%s; path=/", COOKIE_NAME, cookiebuf);
    
        table_set(r->headers_out,"Set-Cookie",new_cookie);
        table_set(r->notes, "cookie", cookiebuf); /* log first time */
  
  
  
  1.8       +1 -1      apache/src/rfc1413.c
  
  Index: rfc1413.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/rfc1413.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -C3 -r1.7 -r1.8
  *** rfc1413.c	1997/01/01 18:10:43	1.7
  --- rfc1413.c	1997/01/20 04:28:16	1.8
  ***************
  *** 143,149 ****
    	return -1;
    
    /* send the data */
  !     sprintf(buffer, "%u,%u\r\n", ntohs(rmt_sin->sin_port),
    	    ntohs(our_sin->sin_port));
        do i = write(sock, buffer, strlen(buffer));
        while (i == -1 && errno == EINTR);
  --- 143,149 ----
    	return -1;
    
    /* send the data */
  !     ap_snprintf(buffer, sizeof(buffer), "%u,%u\r\n", ntohs(rmt_sin->sin_port),
    	    ntohs(our_sin->sin_port));
        do i = write(sock, buffer, strlen(buffer));
        while (i == -1 && errno == EINTR);
  
  
  
  1.40      +6 -4      apache/src/util.c
  
  Index: util.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/util.c,v
  retrieving revision 1.39
  retrieving revision 1.40
  diff -C3 -r1.39 -r1.40
  *** util.c	1997/01/10 11:43:08	1.39
  --- util.c	1997/01/20 04:28:17	1.40
  ***************
  *** 95,101 ****
        tms = gmtime(&sec);
    
    /* RFC date format; as strftime '%a, %d %b %Y %T GMT' */
  !     sprintf(ts, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", days[tms->tm_wday],
    	    tms->tm_mday, month_snames[tms->tm_mon], tms->tm_year + 1900,
    	    tms->tm_hour, tms->tm_min, tms->tm_sec);
    
  --- 95,102 ----
        tms = gmtime(&sec);
    
    /* RFC date format; as strftime '%a, %d %b %Y %T GMT' */
  !     ap_snprintf(ts, sizeof(ts), 
  ! 	    "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", days[tms->tm_wday],
    	    tms->tm_mday, month_snames[tms->tm_mon], tms->tm_year + 1900,
    	    tms->tm_hour, tms->tm_min, tms->tm_sec);
    
  ***************
  *** 758,769 ****
    }
    
    char *construct_server(pool *p, const char *hostname, int port) {
  !     char portnum[10];		/* Long enough.  Really! */
      
        if (port == 80)
    	return (char *)hostname;
        else {
  !         sprintf (portnum, "%d", port);
    	return pstrcat (p, hostname, ":", portnum, NULL);
        }
    }
  --- 759,771 ----
    }
    
    char *construct_server(pool *p, const char *hostname, int port) {
  !     char portnum[22];		
  ! 	/* Long enough, even if port > 16 bits for some reason */
      
        if (port == 80)
    	return (char *)hostname;
        else {
  !         ap_snprintf (portnum, sizeof(portnum), "%d", port);
    	return pstrcat (p, hostname, ":", portnum, NULL);
        }
    }
  ***************
  *** 1307,1313 ****
        int offset;
    
        offset = 0;
  !     for (loop=0; loop < (strlen(path) + 1); loop++) {
            if (path[loop] == '/') {
                newpath[offset] = '\\';
                /*
  --- 1309,1315 ----
        int offset;
    
        offset = 0;
  !     for (loop=0; loop < (strlen(path) + 1) && loop < sizeof(newpath)-1; loop++) {
            if (path[loop] == '/') {
                newpath[offset] = '\\';
                /*
  
  
  
  1.41      +9 -7      apache/src/util_script.c
  
  Index: util_script.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/util_script.c,v
  retrieving revision 1.40
  retrieving revision 1.41
  diff -C3 -r1.40 -r1.41
  *** util_script.c	1997/01/16 07:57:29	1.40
  --- util_script.c	1997/01/20 04:28:17	1.41
  ***************
  *** 93,98 ****
  --- 93,99 ----
    	av[idx] = escape_shell_cmd(r->pool, t);
    	av[idx] = t;
    	idx++;
  + 	if (idx >= APACHE_ARG_MAX-1) break;
    	
    	while ((t = strtok(NULL, "+")) != NULL) {
    	    unescape_url(t);
  ***************
  *** 100,111 ****
    	    av[idx] = escape_shell_cmd(r->pool, t);
    	    av[idx] = t;
    	    idx++;
    	}
    	va_end(args);
        }
        va_end(args);
    
  !     av[idx] = NULL;
        return av;
    }
    
  --- 101,113 ----
    	    av[idx] = escape_shell_cmd(r->pool, t);
    	    av[idx] = t;
    	    idx++;
  + 	    if (idx >= APACHE_ARG_MAX-1) break;
    	}
    	va_end(args);
        }
        va_end(args);
    
  !     av[idx] = '\0';
        return av;
    }
    
  ***************
  *** 177,183 ****
    	    table_set (e, http2env (r->pool, hdrs[i].key), hdrs[i].val);
        }
        
  !     sprintf(port, "%d", s->port);
    
        if(!(env_path = getenv("PATH")))
            env_path=DEFAULT_PATH;
  --- 179,185 ----
    	    table_set (e, http2env (r->pool, hdrs[i].key), hdrs[i].val);
        }
        
  !     ap_snprintf(port, sizeof(port), "%d", s->port);
    
        if(!(env_path = getenv("PATH")))
            env_path=DEFAULT_PATH;
  ***************
  *** 193,199 ****
        table_set (e, "SERVER_ADMIN", s->server_admin); /* Apache */
        table_set (e, "SCRIPT_FILENAME", r->filename); /* Apache */
        
  !     sprintf(port, "%d", ntohs(c->remote_addr.sin_port));
        table_set (e, "REMOTE_PORT", port);            /* Apache */
    
        if (c->user) table_set(e, "REMOTE_USER", c->user);
  --- 195,201 ----
        table_set (e, "SERVER_ADMIN", s->server_admin); /* Apache */
        table_set (e, "SCRIPT_FILENAME", r->filename); /* Apache */
        
  !     ap_snprintf(port, sizeof(port), "%d", ntohs(c->remote_addr.sin_port));
        table_set (e, "REMOTE_PORT", port);            /* Apache */
    
        if (c->user) table_set(e, "REMOTE_USER", c->user);
  ***************
  *** 389,399 ****
        else if(size < 1024) 
            strcpy(ss, "   1k");
        else if(size < 1048576)
  !         sprintf(ss, "%4dk", (size + 512) / 1024);
        else if(size < 103809024)
  ! 	sprintf(ss, "%4.1fM", size / 1048576.0);
        else
  !         sprintf(ss, "%4dM", (size + 524288) / 1048576);
        rputs(ss, r);
    }
    
  --- 391,401 ----
        else if(size < 1024) 
            strcpy(ss, "   1k");
        else if(size < 1048576)
  !         ap_snprintf(ss, sizeof(ss), "%4dk", (size + 512) / 1024);
        else if(size < 103809024)
  ! 	ap_snprintf(ss, sizeof(ss), "%4.1fM", size / 1048576.0);
        else
  !         ap_snprintf(ss, sizeof(ss), "%4dM", (size + 524288) / 1048576);
        rputs(ss, r);
    }
    
  ***************
  *** 473,479 ****
            program = fopen (r->filename, "r");
            if (!program) {
                char err_string[HUGE_STRING_LEN];
  !             sprintf(err_string, "open of %s failed, errno is %d\n", r->filename, errno);
                /* write(2, err_string, strlen(err_string)); */
                /* exit(0); */
                log_unixerr("fopen", NULL, err_string, r->server);
  --- 475,481 ----
            program = fopen (r->filename, "r");
            if (!program) {
                char err_string[HUGE_STRING_LEN];
  !             ap_snprintf(err_string, sizeof(err_string), "open of %s failed, errno is %d\n", r->filename, errno);
                /* write(2, err_string, strlen(err_string)); */
                /* exit(0); */
                log_unixerr("fopen", NULL, err_string, r->server);
  
  
  
  1.9       +6 -4      apache/src/modules/proxy/proxy_cache.c
  
  Index: proxy_cache.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/modules/proxy/proxy_cache.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -C3 -r1.8 -r1.9
  *** proxy_cache.c	1997/01/01 18:20:01	1.8
  --- proxy_cache.c	1997/01/20 04:28:32	1.9
  ***************
  *** 194,200 ****
        struct gc_ent *fent;
        int nfiles=0;
    
  !     sprintf(cachedir,"%s%s",cachebasedir,cachesubdir);
        Explain1("GC Examining directory %s",cachedir);
        dir = opendir(cachedir);
        if (dir == NULL)
  --- 194,200 ----
        struct gc_ent *fent;
        int nfiles=0;
    
  !     ap_snprintf(cachedir, sizeof(cachedir), "%s%s",cachebasedir,cachesubdir);
        Explain1("GC Examining directory %s",cachedir);
        dir = opendir(cachedir);
        if (dir == NULL)
  ***************
  *** 251,260 ****
    	    {
    	    char newcachedir[HUGE_STRING_LEN];
    	    close(fd);
  ! 	    sprintf(newcachedir,"%s%s/",cachesubdir,ent->d_name);
    	    if(!sub_garbage_coll(r,files,cachebasedir,newcachedir))
    		{
  ! 		sprintf(newcachedir,"%s%s",cachedir,ent->d_name);
    #if TESTING
    		fprintf(stderr,"Would remove directory %s\n",newcachedir);
    #else
  --- 251,262 ----
    	    {
    	    char newcachedir[HUGE_STRING_LEN];
    	    close(fd);
  ! 	    ap_snprintf(newcachedir, sizeof(newcachedir),
  ! 		"%s%s/",cachesubdir,ent->d_name);
    	    if(!sub_garbage_coll(r,files,cachebasedir,newcachedir))
    		{
  ! 		ap_snprintf(newcachedir, sizeof(newcachedir), 
  ! 			"%s%s",cachedir,ent->d_name);
    #if TESTING
    		fprintf(stderr,"Would remove directory %s\n",newcachedir);
    #else
  ***************
  *** 383,389 ****
    	if (q == NULL)
    	{
    	    p = palloc(pool, 15);
  ! 	    sprintf(p, "%u", c->len);
    	    proxy_add_header(c->hdrs, "Content-Length", p, HDR_REP);
    	}
        }
  --- 385,391 ----
    	if (q == NULL)
    	{
    	    p = palloc(pool, 15);
  ! 	    ap_snprintf(p, 15, "%u", c->len);
    	    proxy_add_header(c->hdrs, "Content-Length", p, HDR_REP);
    	}
        }
  
  
  
  1.8       +21 -17    apache/src/modules/proxy/proxy_ftp.c
  
  Index: proxy_ftp.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/modules/proxy/proxy_ftp.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -C3 -r1.7 -r1.8
  *** proxy_ftp.c	1997/01/07 21:51:57	1.7
  --- proxy_ftp.c	1997/01/20 04:28:33	1.8
  ***************
  *** 158,164 ****
    
    /* now, rebuild URL */
    
  !     if (port != DEFAULT_FTP_PORT) sprintf(sport, ":%d", port);
        else sport[0] = '\0';
    
        r->filename = pstrcat(pool, "proxy:ftp://", (user != NULL) ? user : "",
  --- 158,164 ----
    
    /* now, rebuild URL */
    
  !     if (port != DEFAULT_FTP_PORT) ap_snprintf(sport, sizeof(sport), ":%d", port);
        else sport[0] = '\0';
    
        r->filename = pstrcat(pool, "proxy:ftp://", (user != NULL) ? user : "",
  ***************
  *** 221,232 ****
        char buf[IOBUFSIZE];
        char buf2[IOBUFSIZE];
        char *filename;
  !     char urlptr[100];
        long total_bytes_sent;
        register int n, o, w;
        conn_rec *con = r->connection;
    
  !     sprintf(buf,"<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>Directory %s</H1><HR><PRE>", url, url);
        bwrite(con->client, buf, strlen(buf));
        if (f2 != NULL) bwrite(f2, buf, strlen(buf));
        total_bytes_sent=strlen(buf);
  --- 221,232 ----
        char buf[IOBUFSIZE];
        char buf2[IOBUFSIZE];
        char *filename;
  !     char urlptr[HUGE_STRING_LEN];
        long total_bytes_sent;
        register int n, o, w;
        conn_rec *con = r->connection;
    
  !     ap_snprintf(buf, sizeof(buf), "<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>Directory %s</H1><HR><PRE>", url, url);
        bwrite(con->client, buf, strlen(buf));
        if (f2 != NULL) bwrite(f2, buf, strlen(buf));
        total_bytes_sent=strlen(buf);
  ***************
  *** 248,256 ****
                do filename--; while (filename[0]!=' ');
                *(filename++)=0;
                *(link++)=0;
  !             sprintf(urlptr, "%s%s%s",url,(url[strlen(url)-1]=='/' ? "" : "/"), filename);
  !             sprintf(buf2, "%s <A HREF=\"%s\">%s %s</A>\015\012", buf, urlptr, filename, link);
  !             strcpy(buf, buf2);
                n=strlen(buf);
            }
            else if(buf[0]=='d' || buf[0]=='-' || buf[0]=='l')
  --- 248,257 ----
                do filename--; while (filename[0]!=' ');
                *(filename++)=0;
                *(link++)=0;
  !             ap_snprintf(urlptr, sizeof(urlptr), "%s%s%s",url,(url[strlen(url)-1]=='/' ? "" : "/"), filename);
  !             ap_snprintf(buf2, sizeof(urlptr), "%s <A HREF=\"%s\">%s %s</A>\015\012", buf, urlptr, filename, link);
  !             strncpy(buf, buf2, sizeof(buf)-1);
  ! 	    buf[sizeof(buf)-1] = '\0';
                n=strlen(buf);
            }
            else if(buf[0]=='d' || buf[0]=='-' || buf[0]=='l')
  ***************
  *** 261,268 ****
                /* Special handling for '.' and '..' */
                if (!strcmp(filename, "."))
                {
  !                 sprintf(urlptr, "%s",url);
  !                 sprintf(buf2, "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
                }
                else if (!strcmp(filename, ".."))
                {
  --- 262,269 ----
                /* Special handling for '.' and '..' */
                if (!strcmp(filename, "."))
                {
  !                 ap_snprintf(urlptr, sizeof(urlptr), "%s",url);
  !                 ap_snprintf(buf2, sizeof(buf2), "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
                }
                else if (!strcmp(filename, ".."))
                {
  ***************
  *** 270,276 ****
                    char newpath[200];
                    char *method, *host, *path, *newfile;
       
  !                 strcpy(temp,url);
                    method=temp;
    
                    host=strchr(method,':');
  --- 271,278 ----
                    char newpath[200];
                    char *method, *host, *path, *newfile;
       
  !                 strncpy(temp, url, sizeof(temp)-1);
  ! 		temp[sizeof(temp)-1] = '\0';
                    method=temp;
    
                    host=strchr(method,':');
  ***************
  *** 282,301 ****
                    if (path == NULL) path="";
                    else *(path++)=0;
                    
  !                 strcpy(newpath,path);
                    newfile=strrchr(newpath,'/');
                    if (newfile) *(newfile)=0;
                    else newpath[0]=0;
    
  !                 sprintf(urlptr,"%s://%s/%s",method,host,newpath);
  !                 sprintf(buf2, "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
                }
                else 
                {
  !                 sprintf(urlptr, "%s%s%s",url,(url[strlen(url)-1]=='/' ? "" : "/"), filename);
  !                 sprintf(buf2, "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
                }
  !             strcpy(buf, buf2);
                n=strlen(buf);
            }      
    
  --- 284,305 ----
                    if (path == NULL) path="";
                    else *(path++)=0;
                    
  !                 strncpy(newpath, path, sizeof(newpath)-1);
  ! 		newpath[sizeof(newpath)-1] = '\0';
                    newfile=strrchr(newpath,'/');
                    if (newfile) *(newfile)=0;
                    else newpath[0]=0;
    
  !                 ap_snprintf(urlptr, sizeof(urlptr), "%s://%s/%s",method,host,newpath);
  !                 ap_snprintf(buf2, sizeof(buf2), "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
                }
                else 
                {
  !                 ap_snprintf(urlptr, sizeof(urlptr), "%s%s%s",url,(url[strlen(url)-1]=='/' ? "" : "/"), filename);
  !                 ap_snprintf(buf2, sizeof(buf2), "%s <A HREF=\"%s\">%s</A>\015\012", buf, urlptr, filename);
                }
  !             strncpy(buf, buf2, sizeof(buf));
  ! 	    buf[sizeof(buf)-1] = '\0';
                n=strlen(buf);
            }      
    
  ***************
  *** 314,320 ****
                o+=w;
            }
        }
  !     sprintf(buf,"</PRE><HR><I><A HREF=\"http://www.apache.org\">%s</A></I></BODY></HTML>", SERVER_VERSION);
        bwrite(con->client, buf, strlen(buf));
        if (f2 != NULL) bwrite(f2, buf, strlen(buf));
        total_bytes_sent+=strlen(buf);
  --- 318,324 ----
                o+=w;
            }
        }
  !     ap_snprintf(buf, sizeof(buf), "</PRE><HR><I><A HREF=\"http://www.apache.org\">%s</A></I></BODY></HTML>", SERVER_VERSION);
        bwrite(con->client, buf, strlen(buf));
        if (f2 != NULL) bwrite(f2, buf, strlen(buf));
        total_bytes_sent+=strlen(buf);
  ***************
  *** 660,666 ****
            {
    	    char buff[22];
    
  ! 	    sprintf(buff, "%s:%d", inet_ntoa(server.sin_addr), server.sin_port);
    	    proxy_log_uerror("bind", buff,
    	        "proxy: error binding to ftp data socket", r->server);
        	    pclosef(pool, sock);
  --- 664,670 ----
            {
    	    char buff[22];
    
  ! 	    ap_snprintf(buff, sizeof(buff), "%s:%d", inet_ntoa(server.sin_addr), server.sin_port);
    	    proxy_log_uerror("bind", buff,
    	        "proxy: error binding to ftp data socket", r->server);
        	    pclosef(pool, sock);
  
  
  
  1.13      +1 -1      apache/src/modules/proxy/proxy_http.c
  
  Index: proxy_http.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/modules/proxy/proxy_http.c,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -C3 -r1.12 -r1.13
  *** proxy_http.c	1997/01/07 21:51:58	1.12
  --- proxy_http.c	1997/01/20 04:28:33	1.13
  ***************
  *** 100,106 ****
        } else
    	search = NULL;
    
  !     if (port != def_port) sprintf(sport, ":%d", port);
        else sport[0] = '\0';
    
        r->filename = pstrcat(r->pool, "proxy:", scheme, "://", host, sport, "/",
  --- 100,106 ----
        } else
    	search = NULL;
    
  !     if (port != def_port) ap_snprintf(sport, sizeof(sport), ":%d", port);
        else sport[0] = '\0';
    
        r->filename = pstrcat(r->pool, "proxy:", scheme, "://", host, sport, "/",
  
  
  
  1.7       +1 -1      apache/src/modules/proxy/proxy_util.c
  
  Index: proxy_util.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/modules/proxy/proxy_util.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -C3 -r1.6 -r1.7
  *** proxy_util.c	1997/01/01 18:20:03	1.6
  --- proxy_util.c	1997/01/20 04:28:34	1.7
  ***************
  *** 297,303 ****
        if (mon == 12) return x;
    
        if (strlen(x) < 31) x = palloc(p, 31);
  !     sprintf(x, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", wday[wk], mday,
    	    months[mon], year, hour, min, sec);
        return x;
    }
  --- 297,303 ----
        if (mon == 12) return x;
    
        if (strlen(x) < 31) x = palloc(p, 31);
  !     ap_snprintf(x, strlen(x)+1, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", wday[wk], mday,
    	    months[mon], year, hour, min, sec);
        return x;
    }
  
  
  

Mime
View raw message