Advanced testing reveals that the session helper does not use the
string-safe functions Squid should be using.
This patch corrects that and a bit of formatting fluff in the session
helper.
Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE8
=== modified file 'helpers/basic_auth/MSNT/session.c'
--- helpers/basic_auth/MSNT/session.c 2007-10-31 06:32:19 +0000
+++ helpers/basic_auth/MSNT/session.c 2008-07-26 14:45:05 +0000
@@ -296,14 +296,12 @@
void
RFCNB_Get_Error(char *buffer, int buf_len)
{
-
if (RFCNB_saved_errno <= 0) {
- sprintf(buffer, "%s", RFCNB_Error_Strings[RFCNB_errno]);
+ snprintf(buffer, (buf_len-1) ,"%s", RFCNB_Error_Strings[RFCNB_errno]);
} else {
- sprintf(buffer, "%s\n\terrno:%s", RFCNB_Error_Strings[RFCNB_errno],
+ snprintf(buffer, (buf_len-1), "%s\n\terrno:%s", RFCNB_Error_Strings[RFCNB_errno],
strerror(RFCNB_saved_errno));
}
-
}
/* Pick up the last error response and returns as a code */
@@ -311,9 +309,7 @@
int
RFCNB_Get_Last_Error(void)
{
-
return (RFCNB_errno);
-
}
/* Pick up saved errno as well */
