Author: mturk Date: Fri Mar 17 01:35:16 2006 New Revision: 386592 URL: http://svn.apache.org/viewcvs?rev=386592&view=rev Log: Fix #37332 -- potential misuse of buffer length with snprintf functions.
Modified: tomcat/connectors/trunk/jk/native/common/jk_util.c tomcat/connectors/trunk/jk/xdocs/changelog.xml Modified: tomcat/connectors/trunk/jk/native/common/jk_util.c URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/jk/native/common/jk_util.c?rev=386592&r1=386591&r2=386592&view=diff ============================================================================== --- tomcat/connectors/trunk/jk/native/common/jk_util.c (original) +++ tomcat/connectors/trunk/jk/native/common/jk_util.c Fri Mar 17 01:35:16 2006 @@ -315,8 +315,8 @@ used += sprintf(&buf[used], "[%04d:%04d] ", getpid(), jk_gettid()); #else - used += snprintf(&buf[used], HUGE_BUFFER_SIZE, "[%04d:%04d] ", - getpid(), jk_gettid()); + used += snprintf(&buf[used], HUGE_BUFFER_SIZE - used, + "[%04d:%04d] ", getpid(), jk_gettid()); #endif if (used < 0) { return 0; @@ -338,8 +338,8 @@ used += sprintf(&buf[used], "%s (%d): ", f, line); #else if (line) - used += snprintf(&buf[used], HUGE_BUFFER_SIZE, "%s (%d): ", - f, line); + used += snprintf(&buf[used], HUGE_BUFFER_SIZE - used, + "%s (%d): ", f, line); #endif if (used < 0) { return 0; /* [V] not sure what to return... */ Modified: tomcat/connectors/trunk/jk/xdocs/changelog.xml URL: http://svn.apache.org/viewcvs/tomcat/connectors/trunk/jk/xdocs/changelog.xml?rev=386592&r1=386591&r2=386592&view=diff ============================================================================== --- tomcat/connectors/trunk/jk/xdocs/changelog.xml (original) +++ tomcat/connectors/trunk/jk/xdocs/changelog.xml Fri Mar 17 01:35:16 2006 @@ -26,6 +26,10 @@ <subsection name="Native"> <changelog> <fix> + <bug>37332</bug>: Fix potential misuse of buffer length with + snprintf functions. (mturk) + </fix> + <fix> <bug>38859</bug>: Protect mod_jk against buggy or malicious AJP servers in the backend. Patch provided by Ruediger Pluem. (mturk) </fix> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]