On Tue, Jul 20, 2004 at 06:19:13PM +0200, Juergen Weigert wrote:
On Jul 17, 04 08:57:09 +0200, Ralf S. Engelschall wrote:
On Fri, Jul 16, 2004, Joe Orton wrote:
[...] I think it's portable to assume time_t is a long...
[...]
I'd appreciate
assert(sizof(time_t) ==
I would prefer either:
#if ...
#error ...
#endif
or
if( ... ) {
log some easy to understand error
exit(1)
}
--- Juergen Weigert [EMAIL PROTECTED] wrote:
On Jul 17, 04 08:57:09 +0200, Ralf S. Engelschall
wrote:
On Fri, Jul 16, 2004, Joe Orton wrote:
[...] I think it's portable
On Fri, Jul 16, 2004, Joe Orton wrote:
I'm checking an older version of mod_ssl but there are a couple of other
uninteresting format string warnings from gcc. I think it's portable to
assume time_t is a long...
[...]
Yes, although they are not security related, they could crash the
server,
On Sat, Jul 17, 2004 at 08:57:09AM +0200, Ralf S. Engelschall wrote:
Yes, although they are not security related, they could crash the
server, too. So we should fix those formatting bugs, too. A little bit
of extra casting might be required, I think. I've now committed to my
CVS for mod_ssl
We've today found an ssl_log() related format string vulnerability in
the mod_proxy hook functions of mod_ssl for Apache 1.3.x (mod_ssl for
Apache 2.x is not affected). A mod_ssl 2.8.19 for Apache 1.3.31 was
created which fixes this potential security hole.
Get mod_ssl-2.8.19-1.3.31.tar.gz from:
I'm checking an older version of mod_ssl but there are a couple of other
uninteresting format string warnings from gcc. I think it's portable to
assume time_t is a long...
--- ./ssl_engine_io.c.warnings 2002-02-23 18:45:45.0 +
+++ ./ssl_engine_io.c 2004-07-16 22:02:32.0