You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by ju...@apache.org on 2010/12/22 13:48:01 UTC

svn commit: r1051875 - /subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

Author: julianfoad
Date: Wed Dec 22 12:48:01 2010
New Revision: 1051875

URL: http://svn.apache.org/viewvc?rev=1051875&view=rev
Log:
Fix a printf format-string insecurity. A follow-up to r1030536. Found by
my compiler.

* subversion/mod_authz_svn/mod_authz_svn.c
  (get_access_conf): Insert the error message using "subversion/mod_authz_svn/mod_authz_svn.cs" rather than directly
    as the format string argument.

Modified:
    subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

Modified: subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c?rev=1051875&r1=1051874&r2=1051875&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c (original)
+++ subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c Wed Dec 22 12:48:01 2010
@@ -170,7 +170,7 @@ get_access_conf(request_rec *r, authz_sv
     {
       dav_err = dav_svn_get_repos_path(r, conf->base_path, &repos_path);
       if (dav_err) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, dav_err->desc);
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", dav_err->desc);
         return NULL;
       }
       access_file = svn_dirent_join_many(r->pool, repos_path, "conf",

Re: svn commit: r1051875 - /subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c

Posted by Daniel Shahaf <d....@daniel.shahaf.name>.

julianfoad@apache.org wrote on Wed, Dec 22, 2010 at 12:48:01 -0000:
> Author: julianfoad
> Date: Wed Dec 22 12:48:01 2010
> New Revision: 1051875
> 
> URL: http://svn.apache.org/viewvc?rev=1051875&view=rev
> Log:
> Fix a printf format-string insecurity. A follow-up to r1030536. Found by
> my compiler.
> 
> * subversion/mod_authz_svn/mod_authz_svn.c
>   (get_access_conf): Insert the error message using "subversion/mod_authz_svn/mod_authz_svn.cs" rather than directly
>     as the format string argument.
> 

So /that/ is why people use Emacs...