You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ben Laurie <be...@algroup.co.uk> on 2003/09/02 11:02:55 UTC
Re: [Fwd: Possible security flaw! (Format BUG)]
Ranier Vilela wrote:
> Sorry, the mpm_common.c.diff was empty.
>
>
> ------------------------------------------------------------------------
>
> --- mpm_common.c 2003-08-31 06:06:25.000000000 -0300
> +++ mpm_common_old.c 2003-08-31 05:57:14.000000000 -0300
> @@ -808,7 +808,7 @@
>
> if (!strcmp(dash_k_arg, "restart")) {
> if (!running) {
> - printf("%s\n", "httpd not running, trying to start");
> + printf("httpd not running, trying to start\n");
> }
> else {
> *exit_status = send_signal(otherpid, SIGHUP);
> @@ -818,7 +818,7 @@
>
> if (!strcmp(dash_k_arg, "graceful")) {
> if (!running) {
> - printf("%s\n", "httpd not running, trying to start");
> + printf("httpd not running, trying to start\n");
> }
> else {
> *exit_status = send_signal(otherpid, SIGUSR1);
That's backwards. In any case, there is no flaw here, but it would be
more efficient to replace printf with puts (and lose the trailing
newline, of course).
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff