httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rj...@apache.org
Subject svn commit: r987484 - in /httpd/httpd/trunk: CHANGES modules/dav/fs/dbm.c modules/dav/fs/repos.c modules/dav/main/util_lock.c
Date Fri, 20 Aug 2010 12:55:43 GMT
Author: rjung
Date: Fri Aug 20 12:55:42 2010
New Revision: 987484

URL: http://svn.apache.org/viewvc?rev=987484&view=rev
Log:
Fix broken "creationdate" property in mod_dav_fs and
remove remaining uses of sprintf() in the dav modules.

This is a regression in 2.3.7 introduced by r931434.
It calls sizeof() for a function parameter, which only returns the
pointer size, not the size of the char array. Thus the
"creationdate" property got truncated to three characters.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/dav/fs/dbm.c
    httpd/httpd/trunk/modules/dav/fs/repos.c
    httpd/httpd/trunk/modules/dav/main/util_lock.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=987484&r1=987483&r2=987484&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Aug 20 12:55:42 2010
@@ -5,6 +5,12 @@ Changes with Apache 2.3.8
   *) mod_proxy: Rename erroronstatus to failonstatus.
      [Daniel Ruggeri <DRuggeri primary.net>]
 
+  *) mod_dav_fs: Fix broken "creationdate" property.
+     Regression in version 2.3.7. [Rainer Jung]
+
+  *) mod_dav, mod_dav_fs: Replace remaining uses of sprintf()
+     by apr_snprintf(). [Rainer Jung]
+
 Changes with Apache 2.3.7
 
   *) SECURITY: CVE-2010-1452 (cve.mitre.org)

Modified: httpd/httpd/trunk/modules/dav/fs/dbm.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/fs/dbm.c?rev=987484&r1=987483&r2=987484&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/fs/dbm.c (original)
+++ httpd/httpd/trunk/modules/dav/fs/dbm.c Fri Aug 20 12:55:42 2010
@@ -311,7 +311,7 @@ static apr_datum_t dav_build_key(dav_db 
             return key;         /* zeroed */
         }
 
-        l_ns = sprintf(nsbuf, "%ld", ns_id - 1);
+        l_ns = apr_snprintf(nsbuf, sizeof(nsbuf), "%ld", ns_id - 1);
     }
 
     /* assemble: #:name */

Modified: httpd/httpd/trunk/modules/dav/fs/repos.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/fs/repos.c?rev=987484&r1=987483&r2=987484&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/fs/repos.c (original)
+++ httpd/httpd/trunk/modules/dav/fs/repos.c Fri Aug 20 12:55:42 2010
@@ -293,7 +293,7 @@ dav_error * dav_fs_dir_file_name(
 
 /* Note: picked up from ap_gm_timestr_822() */
 /* NOTE: buf must be at least DAV_TIMEBUF_SIZE chars in size */
-static void dav_format_time(int style, apr_time_t sec, char *buf)
+static void dav_format_time(int style, apr_time_t sec, char *buf, apr_size_t buflen)
 {
     apr_time_exp_t tms;
 
@@ -304,7 +304,7 @@ static void dav_format_time(int style, a
         /* ### should we use "-00:00" instead of "Z" ?? */
 
         /* 20 chars plus null term */
-        apr_snprintf(buf, sizeof(buf), "%.4d-%.2d-%.2dT%.2d:%.2d:%.2dZ",
+        apr_snprintf(buf, buflen, "%.4d-%.2d-%.2dT%.2d:%.2d:%.2dZ",
                      tms.tm_year + 1900, tms.tm_mon + 1, tms.tm_mday,
                      tms.tm_hour, tms.tm_min, tms.tm_sec);
         return;
@@ -313,12 +313,11 @@ static void dav_format_time(int style, a
     /* RFC 822 date format; as strftime '%a, %d %b %Y %T GMT' */
 
     /* 29 chars plus null term */
-    sprintf(buf,
-            "%s, %.2d %s %d %.2d:%.2d:%.2d GMT",
-           apr_day_snames[tms.tm_wday],
-           tms.tm_mday, apr_month_snames[tms.tm_mon],
-           tms.tm_year + 1900,
-           tms.tm_hour, tms.tm_min, tms.tm_sec);
+    apr_snprintf(buf, buflen, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT",
+                 apr_day_snames[tms.tm_wday],
+                 tms.tm_mday, apr_month_snames[tms.tm_mon],
+                 tms.tm_year + 1900,
+                 tms.tm_hour, tms.tm_min, tms.tm_sec);
 }
 
 /* Copy or move src to dst; src_finfo is used to propagate permissions
@@ -1940,7 +1939,7 @@ static dav_prop_insert dav_fs_insert_pro
         */
         dav_format_time(DAV_STYLE_ISO8601,
                         resource->info->finfo.ctime,
-                        buf);
+                        buf, sizeof(buf));
         value = buf;
         break;
 
@@ -1949,7 +1948,7 @@ static dav_prop_insert dav_fs_insert_pro
         if (resource->collection)
             return DAV_PROP_INSERT_NOTDEF;
 
-        (void) sprintf(buf, "%" APR_OFF_T_FMT, resource->info->finfo.size);
+        apr_snprintf(buf, sizeof(buf), "%" APR_OFF_T_FMT, resource->info->finfo.size);
         value = buf;
         break;
 
@@ -1960,7 +1959,7 @@ static dav_prop_insert dav_fs_insert_pro
     case DAV_PROPID_getlastmodified:
         dav_format_time(DAV_STYLE_RFC822,
                         resource->info->finfo.mtime,
-                        buf);
+                        buf, sizeof(buf));
         value = buf;
         break;
 

Modified: httpd/httpd/trunk/modules/dav/main/util_lock.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util_lock.c?rev=987484&r1=987483&r2=987484&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/util_lock.c (original)
+++ httpd/httpd/trunk/modules/dav/main/util_lock.c Fri Aug 20 12:55:42 2010
@@ -21,10 +21,6 @@
 #include "apr.h"
 #include "apr_strings.h"
 
-#if APR_HAVE_STDIO_H
-#include <stdio.h>              /* for sprintf() */
-#endif
-
 #include "mod_dav.h"
 #include "http_log.h"
 #include "http_config.h"
@@ -118,8 +114,8 @@ DAV_DECLARE(const char *) dav_lock_get_a
             break;
         }
         dav_buffer_append(p, pbuf, "</D:lockscope>" DEBUG_CR);
-        sprintf(tmp, "<D:depth>%s</D:depth>" DEBUG_CR,
-                lock->depth == DAV_INFINITY ? "infinity" : "0");
+        apr_snprintf(tmp, sizeof(tmp), "<D:depth>%s</D:depth>" DEBUG_CR,
+                     lock->depth == DAV_INFINITY ? "infinity" : "0");
         dav_buffer_append(p, pbuf, tmp);
 
         if (lock->owner) {
@@ -137,7 +133,7 @@ DAV_DECLARE(const char *) dav_lock_get_a
         }
         else {
             time_t now = time(NULL);
-            sprintf(tmp, "Second-%lu", (long unsigned int)(lock->timeout - now));
+            apr_snprintf(tmp, sizeof(tmp), "Second-%lu", (long unsigned int)(lock->timeout
- now));
             dav_buffer_append(p, pbuf, tmp);
         }
 



Mime
View raw message