Revision: 14394
http://harbour-project.svn.sourceforge.net/harbour-project/?rev=14394&view=rev
Author: druzus
Date: 2010-04-26 09:44:13 +0000 (Mon, 26 Apr 2010)
Log Message:
-----------
2010-04-26 11:44 UTC+0200 Przemyslaw Czerpak (druzus/at/priv.onet.pl)
  * harbour/src/common/hbtrace.c
    ! fixed potential GPF/memory corruption due to direct passing formatted
      string as format to syslog() function. Please remember to never create
      code like 'printf( str );' if str can contain printf escape characters
      because it may cause any unpredictable results. Always use
      'printf( "%s", str);' in such context.
      BTW It's one of the most common bugs used by hackers in buffer/stack
      overflow attacks, i.e. using str with %n conversion specifier.
    % eliminated unnecessary buffer conversion in *nix builds
Modified Paths:
--------------
trunk/harbour/ChangeLog
trunk/harbour/src/common/hbtrace.c
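
The pattern the log message describes, as an added example that is not code from hbtrace.c or from the Harbour project: a trace routine formats its message once, then hands the result to a logger either as the format (the bug) or as the argument of "%s" (the fix). `sink_log`, `trace_unsafe` and `trace_safe` are hypothetical names; `sink_log` is a stand-in with the calling shape of syslog() that writes to a buffer so the result can be inspected offline.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char g_captured[256];    /* what the stand-in sink "logged" */

/* Hypothetical stand-in for syslog(int priority, const char *format, ...):
 * same calling shape, but it formats into g_captured. */
static void sink_log(int priority, const char *format, ...)
{
    va_list ap;
    (void)priority;
    va_start(ap, format);
    vsnprintf(g_captured, sizeof g_captured, format, ap);
    va_end(ap);
}

/* Formats the caller's message, then passes the finished text on.
 * as_format != 0 reproduces the bug: the text becomes the format string,
 * so every '%' in it is interpreted a second time. */
static const char *trace_impl(int as_format, const char *fmt, va_list ap)
{
    char buf[256];
    vsnprintf(buf, sizeof buf, fmt, ap);
    if (as_format)
        sink_log(7, buf);           /* BUG: data used as format */
    else
        sink_log(7, "%s", buf);     /* fix: data is only ever an argument */
    return g_captured;
}

static const char *trace_unsafe(const char *fmt, ...)
{
    va_list ap; const char *r;
    va_start(ap, fmt); r = trace_impl(1, fmt, ap); va_end(ap);
    return r;
}

static const char *trace_safe(const char *fmt, ...)
{
    va_list ap; const char *r;
    va_start(ap, fmt); r = trace_impl(0, fmt, ap); va_end(ap);
    return r;
}

int main(void)
{
    /* Constructed input. "%%" is used because it is the one sequence whose
     * misuse as a format is still well defined; it shows the reinterpretation. */
    printf("unsafe: %s\n", trace_unsafe("%s", "disk 100%% full"));
    printf("safe:   %s\n", trace_safe("%s", "disk 100%% full"));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag a non-literal format with no arguments at calls to functions they know to be printf-like, which includes syslog().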