rse 98/06/09 02:35:08
Modified: src CHANGES src/modules/standard mod_rewrite.c Log: Replace two bad sprintf() calls with ap_snprintf() variants in mod_rewrite. The sprintf()'s were incorrectly introduced recently because Ralf didn't recognize that although the ap_psprintf() needs a pool (which is not available at the particular place in mod_rewrite) we also have the non-pool based more secure ap_snprintf() (which is now used). Thanks to Marc for complaining and giving the hint to ap_snprintf(). Revision Changes Path 1.901 +7 -0 apache-1.3/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.900 retrieving revision 1.901 diff -u -r1.900 -r1.901 --- CHANGES 1998/06/09 05:22:10 1.900 +++ CHANGES 1998/06/09 09:35:05 1.901 @@ -1,5 +1,12 @@ Changes with Apache 1.3.1 + *) Replace two bad sprintf() calls with ap_snprintf() variants in + mod_rewrite. The sprintf()'s were incorrectly introduced recently because + Ralf didn't recognize that although the ap_psprintf() needs a pool (which + is not available at the particular place in mod_rewrite) we also have the + non-pool based more secure ap_snprintf() (which is now used). + [Ralf S. Engelschall] + *) Fix missing usage description for MetaFiles directive. [David MacKenzie <[EMAIL PROTECTED]>] PR#2384 1.115 +3 -2 apache-1.3/src/modules/standard/mod_rewrite.c Index: mod_rewrite.c =================================================================== RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_rewrite.c,v retrieving revision 1.114 retrieving revision 1.115 diff -u -r1.114 -r1.115 --- mod_rewrite.c 1998/06/03 12:12:11 1.114 +++ mod_rewrite.c 1998/06/09 09:35:07 1.115 
@@ -2820,7 +2820,8 @@ char buf[50]; rewrite_rand_init(); - sprintf(buf, "%.0f", (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l))); + ap_snprintf(buf, sizeof(buf), "%.0f", + (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l))); i = atoi(buf)+1; if (i < l) i = l; if (i > h) i = h; @@ -3194,7 +3195,7 @@ STARTUPINFO si; PROCESS_INFORMATION pi; - sprintf(pCommand, "%s /C %s", SHELL_PATH, cmd); + ap_snprintf(pCommand, sizeof(pCommand), "%s /C %s", SHELL_PATH, cmd); memset(&si, 0, sizeof(si)); memset(&pi, 0, sizeof(pi));
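Review bot: In the CHANGES hunk (@@ -1,5 +1,12 @@), the new entry records how the sprintf() calls were introduced but not which code paths were affected or what the exposure was. Someone scanning CHANGES for security-relevant fixes would be helped by naming the two sites visible in this commit: the random-number formatting into `char buf[50]`, and the formatting of `SHELL_PATH` and `cmd` into `pCommand`. It would also help to say that the fix bounds writes into fixed-size buffers.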
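Review bot: In the mod_rewrite.c hunk at @@ -2820, the formatted string exists only to be parsed back by `atoi(buf)` on the next line, so the bounded ap_snprintf() call is correct (`buf` is an array here, so `sizeof(buf)` is 50) but the buffer itself is avoidable. Converting the scaled double to int directly would remove `buf` and the formatting call; "%.0f" rounds where a cast truncates, so the arithmetic would need adjusting to keep the same distribution. Separately, the context lines scale by `(h-l)` and add 1 without adding `l`, relying on `if (i < l) i = l;` to pull the result into range, which biases the output toward `l` whenever `l` is greater than 1. That deserves a follow-up change.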
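Review bot: In the mod_rewrite.c hunk at @@ -3194, `sizeof(pCommand)` is the buffer size only if `pCommand` is declared as a char array in this scope; the declaration is outside the visible context, and if it is a `char *` the bound becomes the size of a pointer. Please confirm the declaration or pass the buffer length explicitly. Also, ap_snprintf() truncates silently, and the `STARTUPINFO`/`PROCESS_INFORMATION` setup that follows suggests the string is then used to start a child process, so an over-long `cmd` would now run as a shortened command line instead of overflowing. Check the combined length of `SHELL_PATH` and `cmd` before formatting and fail the spawn when it does not fit.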