Gentoo's Bugzilla – Attachment 43329 Details for Bug 70090: www-client/prozilla: multiple vulnerabilities -> Remove from tree
[patch] ...the first diff....
diff1.diff (text/plain), 1.88 KB, created by Florian Schilhabel (RETIRED) on 2004-11-05 03:50:29 UTC
>diff -Naur ./prozilla-1.3.6/src/http-retr.c ./prozilla-1.3.6_new/src/http-retr.c >--- ./prozilla-1.3.6/src/http-retr.c 2001-08-18 01:38:29.000000000 +0200 >+++ ./prozilla-1.3.6_new/src/http-retr.c 2004-11-05 12:19:02.233187528 +0100 >@@ -189,14 +189,14 @@ > /* > * get the headers by sending GET > */ >- sprintf(buffer, >+ snprintf(buffer, sizeof(buffer), > "GET %s HTTP/1.0\r\nUser-Agent: %s%s\r\nHost: %s\r\nAccept: */*\r\nRange: bytes=%ld-%ld\r\n%s%s\r\n", > connection->u.path, PACKAGE_NAME, VERSION, > connection->u.host, > connection->remote_startpos, connection->remote_endpos, > referer ? referer : "", > wwwauth ? wwwauth : ""); >- >+ buffer[sizeof(buffer)-1] = '\0'; > > debug_prz("HTTP request= %s\n", buffer); > >diff -Naur ./prozilla-1.3.6/src/http.c ./prozilla-1.3.6_new/src/http.c >--- ./prozilla-1.3.6/src/http.c 2001-08-18 01:38:29.000000000 +0200 >+++ ./prozilla-1.3.6_new/src/http.c 2004-11-05 12:16:26.933796624 +0100 >@@ -375,12 +375,12 @@ > with HEAD */ > > >- sprintf(buffer, >+ snprintf(buffer, sizeof(buffer), > "HEAD %s HTTP/1.0\r\nUser-Agent: %s%s\r\nHost: %s\r\nAccept: */*\r\n%s%s\r\n", > u->path, PACKAGE_NAME, VERSION, u->host, > referer ? referer : "", > wwwauth ? wwwauth : ""); >- >+ buffer[sizeof(buffer)-1] = '\0'; > debug_prz("HTTP request= %s\n", buffer); > > err = http_fetch_headers(sock, u, hs, buffer); >diff -Naur ./prozilla-1.3.6/src/main.c ./prozilla-1.3.6_new/src/main.c >--- ./prozilla-1.3.6/src/main.c 2001-08-18 01:38:31.000000000 +0200 >+++ ./prozilla-1.3.6_new/src/main.c 2004-11-05 12:37:09.385915192 +0100 >@@ -1152,10 +1152,10 @@ > > int die(const char *args, ...) > { >- char p[MAX_MSG_SIZE]; >+ char p[MAX_MSG_SIZE] = {'\0'}; > va_list vp; > va_start(vp, args); >- vsprintf(p, args, vp); >+ vsnprintf(p, sizeof(p),args, vp); > va_end(vp); > > /* indicate that we are out of the display loop */
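Review bot: the return value of snprintf() is ignored at the GET request in src/http-retr.c (@@ -189), so a request that does not fit in buffer is silently truncated and the code carries on to debug_prz() with a request cut off mid-header. connection->u.path, referer and wwwauth are all variable-length, and a cut can land before the Range header or before the final "\r\n". Suggest capturing the result and treating a negative value or a value >= sizeof(buffer) as an error before the request is used. The added "buffer[sizeof(buffer)-1] = '\0';" is redundant with a C99 snprintf() but harmless, and worth keeping only if pre-C99 libcs are a target.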
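Review bot: sizeof(buffer) in the HEAD request in src/http.c (@@ -375) is only the right bound if buffer is declared as a char array in this function, and the declaration is not in the hunk. If buffer is a char * (a parameter or heap allocation), "snprintf(buffer, sizeof(buffer), ..." limits the request to the size of a pointer and "buffer[sizeof(buffer)-1] = '\0';" terminates at the wrong offset. Please confirm the declaration, or pass the real capacity explicitly. The truncation case also matters here because the buffer goes straight into http_fetch_headers(sock, u, hs, buffer), so a check on the snprintf() result belongs before that call.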
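Review bot: die() in src/main.c (@@ -1152) uses a different termination idiom from the other two hunks: "char p[MAX_MSG_SIZE] = {'\0'};" zero-fills the whole array on every call, while the http hunks write a terminator after the call. One idiom across the patch would be easier to audit; with a conforming vsnprintf() the initializer is not needed, and without one a "p[sizeof(p)-1] = '\0';" after the call is the cheaper guard. Style: "vsnprintf(p, sizeof(p),args, vp);" is missing a space after the second comma. Since args is used as the format string, it is also worth checking that no caller passes untrusted text as the first argument to die(); the callers are not in this diff.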