You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ju...@apache.org on 2010/12/22 13:48:01 UTC
svn commit: r1051875 -
/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
Author: julianfoad
Date: Wed Dec 22 12:48:01 2010
New Revision: 1051875
URL: http://svn.apache.org/viewvc?rev=1051875&view=rev
Log:
Fix a printf format-string insecurity. A follow-up to r1030536. Found by
my compiler.
* subversion/mod_authz_svn/mod_authz_svn.c
(get_access_conf): Insert the error message using "subversion/mod_authz_svn/mod_authz_svn.cs" rather than directly
as the format string argument.
Modified:
subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
Modified: subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c?rev=1051875&r1=1051874&r2=1051875&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c (original)
+++ subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c Wed Dec 22 12:48:01 2010
@@ -170,7 +170,7 @@ get_access_conf(request_rec *r, authz_sv
{
dav_err = dav_svn_get_repos_path(r, conf->base_path, &repos_path);
if (dav_err) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, dav_err->desc);
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", dav_err->desc);
return NULL;
}
access_file = svn_dirent_join_many(r->pool, repos_path, "conf",
Re: svn commit: r1051875 -
/subversion/trunk/subversion/mod_authz_svn/mod_authz_svn.c
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
julianfoad@apache.org wrote on Wed, Dec 22, 2010 at 12:48:01 -0000:
> Author: julianfoad
> Date: Wed Dec 22 12:48:01 2010
> New Revision: 1051875
>
> URL: http://svn.apache.org/viewvc?rev=1051875&view=rev
> Log:
> Fix a printf format-string insecurity. A follow-up to r1030536. Found by
> my compiler.
>
> * subversion/mod_authz_svn/mod_authz_svn.c
> (get_access_conf): Insert the error message using "subversion/mod_authz_svn/mod_authz_svn.cs" rather than directly
> as the format string argument.
>
So /that/ is why people use Emacs...