Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 85091 invoked from network); 20 Aug 2010 12:57:23 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 20 Aug 2010 12:57:23 -0000 Received: (qmail 80243 invoked by uid 500); 20 Aug 2010 12:57:22 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 80039 invoked by uid 500); 20 Aug 2010 12:57:20 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 80032 invoked by uid 99); 20 Aug 2010 12:57:19 -0000 Received: from Unknown (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Aug 2010 12:57:19 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Aug 2010 12:57:01 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 3794423889B3; Fri, 20 Aug 2010 12:55:43 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r987484 - in /httpd/httpd/trunk: CHANGES modules/dav/fs/dbm.c modules/dav/fs/repos.c modules/dav/main/util_lock.c Date: Fri, 20 Aug 2010 12:55:43 -0000 To: cvs@httpd.apache.org From: rjung@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100820125543.3794423889B3@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: rjung Date: Fri Aug 20 12:55:42 2010 New Revision: 987484 URL: http://svn.apache.org/viewvc?rev=987484&view=rev Log: Fix broken "creationdate" property in mod_dav_fs and remove remaining uses of sprintf() in the dav modules. This is a regression in 2.3.7 introduced by r931434. It calls sizeof() for a function parameter, which only returns the pointer size, not the size of the char array. Thus the "creationdate" property got truncated to three characters. Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/modules/dav/fs/dbm.c httpd/httpd/trunk/modules/dav/fs/repos.c httpd/httpd/trunk/modules/dav/main/util_lock.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=987484&r1=987483&r2=987484&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Aug 20 12:55:42 2010 @@ -5,6 +5,12 @@ Changes with Apache 2.3.8 *) mod_proxy: Rename erroronstatus to failonstatus. [Daniel Ruggeri ] + *) mod_dav_fs: Fix broken "creationdate" property. + Regression in version 2.3.7. [Rainer Jung] + + *) mod_dav, mod_dav_fs: Replace remaining uses of sprintf() + by apr_snprintf(). [Rainer Jung] + Changes with Apache 2.3.7 *) SECURITY: CVE-2010-1452 (cve.mitre.org) Modified: httpd/httpd/trunk/modules/dav/fs/dbm.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/fs/dbm.c?rev=987484&r1=987483&r2=987484&view=diff ============================================================================== --- httpd/httpd/trunk/modules/dav/fs/dbm.c (original) +++ httpd/httpd/trunk/modules/dav/fs/dbm.c Fri Aug 20 12:55:42 2010 @@ -311,7 +311,7 @@ static apr_datum_t dav_build_key(dav_db return key; /* zeroed */ } - l_ns = sprintf(nsbuf, "%ld", ns_id - 1); + l_ns = apr_snprintf(nsbuf, sizeof(nsbuf), "%ld", ns_id - 1); } /* assemble: #:name */ Modified: httpd/httpd/trunk/modules/dav/fs/repos.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/fs/repos.c?rev=987484&r1=987483&r2=987484&view=diff ============================================================================== --- httpd/httpd/trunk/modules/dav/fs/repos.c (original) +++ httpd/httpd/trunk/modules/dav/fs/repos.c Fri Aug 20 12:55:42 2010 @@ -293,7 +293,7 @@ dav_error * dav_fs_dir_file_name( /* Note: picked up from ap_gm_timestr_822() */ /* NOTE: buf must be at least DAV_TIMEBUF_SIZE chars in size */ -static void dav_format_time(int style, apr_time_t sec, char *buf) +static void dav_format_time(int style, apr_time_t sec, char *buf, apr_size_t buflen) { apr_time_exp_t tms; @@ -304,7 +304,7 @@ static void dav_format_time(int style, a /* ### should we use "-00:00" instead of "Z" ?? */ /* 20 chars plus null term */ - apr_snprintf(buf, sizeof(buf), "%.4d-%.2d-%.2dT%.2d:%.2d:%.2dZ", + apr_snprintf(buf, buflen, "%.4d-%.2d-%.2dT%.2d:%.2d:%.2dZ", tms.tm_year + 1900, tms.tm_mon + 1, tms.tm_mday, tms.tm_hour, tms.tm_min, tms.tm_sec); return; @@ -313,12 +313,11 @@ static void dav_format_time(int style, a /* RFC 822 date format; as strftime '%a, %d %b %Y %T GMT' */ /* 29 chars plus null term */ - sprintf(buf, - "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", - apr_day_snames[tms.tm_wday], - tms.tm_mday, apr_month_snames[tms.tm_mon], - tms.tm_year + 1900, - tms.tm_hour, tms.tm_min, tms.tm_sec); + apr_snprintf(buf, buflen, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", + apr_day_snames[tms.tm_wday], + tms.tm_mday, apr_month_snames[tms.tm_mon], + tms.tm_year + 1900, + tms.tm_hour, tms.tm_min, tms.tm_sec); } /* Copy or move src to dst; src_finfo is used to propagate permissions @@ -1940,7 +1939,7 @@ static dav_prop_insert dav_fs_insert_pro */ dav_format_time(DAV_STYLE_ISO8601, resource->info->finfo.ctime, - buf); + buf, sizeof(buf)); value = buf; break; @@ -1949,7 +1948,7 @@ static dav_prop_insert dav_fs_insert_pro if (resource->collection) return DAV_PROP_INSERT_NOTDEF; - (void) sprintf(buf, "%" APR_OFF_T_FMT, resource->info->finfo.size); + apr_snprintf(buf, sizeof(buf), "%" APR_OFF_T_FMT, resource->info->finfo.size); value = buf; break; @@ -1960,7 +1959,7 @@ static dav_prop_insert dav_fs_insert_pro case DAV_PROPID_getlastmodified: dav_format_time(DAV_STYLE_RFC822, resource->info->finfo.mtime, - buf); + buf, sizeof(buf)); value = buf; break; Modified: httpd/httpd/trunk/modules/dav/main/util_lock.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util_lock.c?rev=987484&r1=987483&r2=987484&view=diff ============================================================================== --- httpd/httpd/trunk/modules/dav/main/util_lock.c (original) +++ httpd/httpd/trunk/modules/dav/main/util_lock.c Fri Aug 20 12:55:42 2010 @@ -21,10 +21,6 @@ #include "apr.h" #include "apr_strings.h" -#if APR_HAVE_STDIO_H -#include /* for sprintf() */ -#endif - #include "mod_dav.h" #include "http_log.h" #include "http_config.h" @@ -118,8 +114,8 @@ DAV_DECLARE(const char *) dav_lock_get_a break; } dav_buffer_append(p, pbuf, "" DEBUG_CR); - sprintf(tmp, "%s" DEBUG_CR, - lock->depth == DAV_INFINITY ? "infinity" : "0"); + apr_snprintf(tmp, sizeof(tmp), "%s" DEBUG_CR, + lock->depth == DAV_INFINITY ? "infinity" : "0"); dav_buffer_append(p, pbuf, tmp); if (lock->owner) { @@ -137,7 +133,7 @@ DAV_DECLARE(const char *) dav_lock_get_a } else { time_t now = time(NULL); - sprintf(tmp, "Second-%lu", (long unsigned int)(lock->timeout - now)); + apr_snprintf(tmp, sizeof(tmp), "Second-%lu", (long unsigned int)(lock->timeout - now)); dav_buffer_append(p, pbuf, tmp); }