httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: svn commit: r987484 - in /httpd/httpd/trunk: CHANGES modules/dav/fs/dbm.c modules/dav/fs/repos.c modules/dav/main/util_lock.c
Date Fri, 20 Aug 2010 13:24:38 GMT
On Fri, Aug 20, 2010 at 8:55 AM, <rjung@apache.org> wrote:

> Author: rjung
> Date: Fri Aug 20 12:55:42 2010
> New Revision: 987484
>
> URL: http://svn.apache.org/viewvc?rev=987484&view=rev
> Log:
> Fix broken "creationdate" property in mod_dav_fs and
> remove remaining uses of sprintf() in the dav modules.
>
> This is a regression in 2.3.7 introduced by r931434.
> It calls sizeof() for a function parameter, which only returns the
> pointer size, not the size of the char array. Thus the
> "creationdate" property got truncated to three characters.
>
> Modified:
>    httpd/httpd/trunk/CHANGES
>    httpd/httpd/trunk/modules/dav/fs/dbm.c
>    httpd/httpd/trunk/modules/dav/fs/repos.c
>    httpd/httpd/trunk/modules/dav/main/util_lock.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=987484&r1=987483&r2=987484&view=diff
>
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Aug 20 12:55:42 2010
> @@ -5,6 +5,12 @@ Changes with Apache 2.3.8
> ...
>


> +
> +  *) mod_dav, mod_dav_fs: Replace remaining uses of sprintf()
> +     by apr_snprintf(). [Rainer Jung]
>

IMO the only interesting point is whether or not we fixed a buffer overflow.

If yes: CHANGES (and more)
If no: nobody needs to know, or even have a reason to suspect/worry that
there was a buffer overflow that was fixed

Mime
View raw message