Code a bit more defensively. If dav_lookup_uri() ever placed user

input into lookup.err.desc for the HTTP_BAD_REQUEST case, then we
could have problems (via a format string attack). This change frees us
from *future* worries.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97233 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c
index 707fed3760d89f78910be3ea743215195f6a9811..246dadee5289d003a0d1b55e40c049aedb9070db 100644 (file)
--- a/modules/dav/main/mod_dav.c
+++ b/modules/dav/main/mod_dav.c
@@ -2522,7 +2522,7 @@ static int dav_method_copymove(request_rec *r, int is_move)
         if (lookup.err.status == HTTP_BAD_REQUEST) {
             /* This supplies additional information for the default message. */
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          lookup.err.desc);
+                          "%s", lookup.err.desc);
             return HTTP_BAD_REQUEST;
         }
 
@@ -3684,7 +3684,7 @@ static int dav_method_update(request_rec *r)
             if (lookup.err.status == HTTP_BAD_REQUEST) {
                 /* This supplies additional information for the default message. */
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                              lookup.err.desc);
+                              "%s", lookup.err.desc);
                 return HTTP_BAD_REQUEST;
             }
 
@@ -4147,7 +4147,7 @@ static int dav_method_merge(request_rec *r)
         if (lookup.err.status == HTTP_BAD_REQUEST) {
             /* This supplies additional information for the default message. */
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          lookup.err.desc);
+                          "%s", lookup.err.desc);
             return HTTP_BAD_REQUEST;
         }
 
@@ -4269,7 +4269,7 @@ static int dav_method_bind(request_rec *r)
         if (lookup.err.status == HTTP_BAD_REQUEST) {
             /* This supplies additional information for the default message. */
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          lookup.err.desc);
+                          "%s", lookup.err.desc);
             return HTTP_BAD_REQUEST;
         }
         else if (lookup.err.status == HTTP_BAD_GATEWAY) {