Package: jesred Version: 1.2pl1-13 Severity: normal Tags: patch Long urls cause jesred to segfault. Attached patch uses vsnprintf instead of vsprintf in log.c
-- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages jesred depends on: ii libc6 2.7-12 GNU C Library: Shared libraries ii squid 2.7.STABLE2-2 Internet object cache (WWW proxy c Versions of packages jesred recommends: ii apache2-mpm-worker [httpd] 2.2.9-2 Apache HTTP Server - high speed th -- no debconf information
--- log.c.orig 2008-04-16 09:15:10.000000000 +1000
+++ log.c 2008-04-16 09:17:07.000000000 +1000
@@ -71,7 +71,8 @@
struct timeval current_time;
va_start(args, format);
- if(vsprintf(msg, format, args) > (BUFSIZE - 1)) {
+ /* Use a safe printf function*/
+ if(vsnprintf(msg, BUFSIZE, format, args) > (BUFSIZE - 1)) {
/* string is longer than the maximum buffer we specified,
so just return */
return;
signature.asc
Description: Digital signature

