On Fri, Jul 16, 2004, Joe Orton wrote:

> I'm checking an older version of mod_ssl but there are a couple of other
> uninteresting format string warnings from gcc.  I think it's portable to
> assume time_t is a long...
> [...]

Yes, although they are not security related, they could crash the
server, too. So we should fix those formatting bugs as well. A little bit
of extra casting might be required, I think. I've now committed the
following patch to my CVS for mod_ssl 2.8.20. Thanks for your feedback.
Please commit a similar patch to mod_ssl for Apache 2.x.

Index: ssl_engine_io.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.36
diff -u -d -r1.36 ssl_engine_io.c
--- ssl_engine_io.c     11 May 2004 18:44:15 -0000      1.36
+++ ssl_engine_io.c     17 Jul 2004 06:52:22 -0000
@@ -682,7 +682,7 @@
     }
     if (trunc > 0)
         ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
-                "| %04x - <SPACES/NULS>", len + trunc);
+                "| %04lx - <SPACES/NULS>", len + trunc);
     ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
             
"+-------------------------------------------------------------------------+");
     return;
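Review bot: `%04lx` formally takes an `unsigned long`, and the declarations of `len` and `trunc` are outside this hunk, so the match between specifier and argument cannot be checked from here. The other hunks in this patch make the argument type explicit with a cast; doing the same here, `"| %04lx - <SPACES/NULS>", (unsigned long)(len + trunc));`, would keep the call correct even if either variable's type changes later. The enclosing function begins before the hunk.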
@@ -704,21 +704,21 @@
         || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
         if (rc >= 0) {
             ssl_log(s, SSL_LOG_DEBUG,
-                    "%s: %s %ld/%d bytes %s BIO#%08X [mem: %08lX] %s",
+                    "%s: %s %ld/%d bytes %s BIO#%08lX [mem: %08lX] %s",
                     SSL_LIBRARY_NAME,
                     (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
                     rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
-                    bio, argp,
+                    (long)bio, (long)argp,
                     (argp != NULL ? "(BIO dump follows)" : "(Ops, no memory 
buffer?)"));
             if (argp != NULL)
                 ssl_io_data_dump(s, argp, rc);
         }
         else {
             ssl_log(s, SSL_LOG_DEBUG,
-                    "%s: I/O error, %d bytes expected to %s on BIO#%08X [mem: %08lX]",
+                    "%s: I/O error, %d bytes expected to %s on BIO#%08lX [mem: 
%08lX]",
                     SSL_LIBRARY_NAME, argi,
                     (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
-                    bio, argp);
+                    (long)bio, (long)argp);
         }
     }
     return rc;
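Review bot: The `(long)bio, (long)argp` casts in both `ssl_log` calls silence the warning but truncate the pointer on any platform where `long` is narrower than a pointer (LLP64, e.g. 64-bit Windows), and `%lX` formally expects `unsigned long`. The portable form is `%p` with `(void *)bio, (void *)argp`, at the cost of an implementation-defined log format; if the `%08lX` layout has to stay, `(unsigned long)bio, (unsigned long)argp` at least matches the specifier. `rc` and `argi` are printed with `%ld` and `%d` but are declared outside the hunk, so their types should be confirmed against those specifiers as well. These lines also write process addresses to the debug log, so logs captured at this level are best treated as sensitive.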
Index: ssl_engine_kernel.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.146
diff -u -d -r1.146 ssl_engine_kernel.c
--- ssl_engine_kernel.c 27 May 2004 13:13:32 -0000      1.146
+++ ssl_engine_kernel.c 17 Jul 2004 06:50:10 -0000
@@ -1793,10 +1793,10 @@
      * Log this cache operation
      */
     ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
-            "request=SET status=%s id=%s timeout=%ds (session caching)",
+            "request=SET status=%s id=%s timeout=%lds (session caching)",
             rc == TRUE ? "OK" : "BAD",
             SSL_SESSION_id2sz(pNew->session_id, pNew->session_id_length),
-            t-time(NULL));
+            (long)(t-time(NULL)));

     /*
      * return 0 which means to OpenSSL that the pNew is still

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
