From: Jim Jagielski Date: Sat, 21 Aug 2010 16:16:18 +0000 (+0000) Subject: * rotatelogs: Fix possible buffer overflow if admin configures a X-Git-Tag: 2.2.17~80 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4b44e19381d51f75597f244fabb3deea1cd2f4b;p=thirdparty%2Fapache%2Fhttpd.git * rotatelogs: Fix possible buffer overflow if admin configures a mongo log file path. Trunk already has a fix. 2.2.x patch: http://people.apache.org/~trawick/rotatelogs.overflow.txt +1: trawick, rpluem, lars, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@987780 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 2586c267231..fc7c31181a8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.17 + *) rotatelogs: Fix possible buffer overflow if admin configures a + mongo log file path. [Jeff Trawick] + *) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton] *) vhost: A purely-numeric Host: header should not be treated as a port. diff --git a/STATUS b/STATUS index d5d3b42a892..24deff195de 100644 --- a/STATUS +++ b/STATUS @@ -87,11 +87,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * rotatelogs: Fix possible buffer overflow if admin configures a - mongo log file path. - Trunk already has a fix. - 2.2.x patch: http://people.apache.org/~trawick/rotatelogs.overflow.txt - +1: trawick, rpluem, lars, jim PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/support/rotatelogs.c b/support/rotatelogs.c index 8fd99dc77de..1e7218f1ddd 100644 --- a/support/rotatelogs.c +++ b/support/rotatelogs.c @@ -248,7 +248,7 @@ int main (int argc, const char * const argv[]) apr_strftime(buf2, &rs, sizeof(buf2), szLogRoot, &e); } else { - sprintf(buf2, "%s.%010d", szLogRoot, tLogStart); + apr_snprintf(buf2, sizeof(buf2), "%s.%010d", szLogRoot, tLogStart); } tLogEnd = tLogStart + tRotation; pfile_prev = pfile;