On Fri, Aug 20, 2010 at 8:55 AM, <[email protected]> wrote: > Author: rjung > Date: Fri Aug 20 12:55:42 2010 > New Revision: 987484 > > URL: http://svn.apache.org/viewvc?rev=987484&view=rev > Log: > Fix broken "creationdate" property in mod_dav_fs and > remove remaining uses of sprintf() in the dav modules. > > This is a regression in 2.3.7 introduced by r931434. > It calls sizeof() for a function parameter, which only returns the > pointer size, not the size of the char array. Thus the > "creationdate" property got truncated to three characters. > > Modified: > httpd/httpd/trunk/CHANGES > httpd/httpd/trunk/modules/dav/fs/dbm.c > httpd/httpd/trunk/modules/dav/fs/repos.c > httpd/httpd/trunk/modules/dav/main/util_lock.c > > Modified: httpd/httpd/trunk/CHANGES > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=987484&r1=987483&r2=987484&view=diff > > ============================================================================== > --- httpd/httpd/trunk/CHANGES [utf-8] (original) > +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Aug 20 12:55:42 2010 > @@ -5,6 +5,12 @@ Changes with Apache 2.3.8 > ... >
> + > + *) mod_dav, mod_dav_fs: Replace remaining uses of sprintf() > + by apr_snprintf(). [Rainer Jung] > IMO the only interesting point is whether or not we fixed a buffer overflow. If yes: CHANGES (and more) If no: nobody needs to know, or even have a reason to suspect/worry that there was a buffer overflow that was fixed
