From 6e66831b4ae6801fd5739b9799dec076ea6d16ed Mon Sep 17 00:00:00 2001
From: Rainer Jung <rjung@apache.org>
Date: Fri, 20 Aug 2010 12:55:42 +0000
Subject: [PATCH] Fix broken "creationdate" property in mod_dav_fs and remove
 remaining uses of sprintf() in the dav modules.

This is a regression in 2.3.7 introduced by r931434.
It calls sizeof() for a function parameter, which only returns the
pointer size, not the size of the char array. Thus the
"creationdate" property got truncated to three characters.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@987484 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                      |  6 ++++++
 modules/dav/fs/dbm.c         |  2 +-
 modules/dav/fs/repos.c       | 21 ++++++++++-----------
 modules/dav/main/util_lock.c | 10 +++-------
 4 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/CHANGES b/CHANGES
index 9060ecf57b..d716eaadf1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,12 @@ Changes with Apache 2.3.8
   *) mod_proxy: Rename erroronstatus to failonstatus.
      [Daniel Ruggeri <DRuggeri primary.net>]
 
+  *) mod_dav_fs: Fix broken "creationdate" property.
+     Regression in version 2.3.7. [Rainer Jung]
+
+  *) mod_dav, mod_dav_fs: Replace remaining uses of sprintf()
+     by apr_snprintf(). [Rainer Jung]
+
 Changes with Apache 2.3.7
 
   *) SECURITY: CVE-2010-1452 (cve.mitre.org)
diff --git a/modules/dav/fs/dbm.c b/modules/dav/fs/dbm.c
index 0fca875200..e5c2dca4dc 100644
--- a/modules/dav/fs/dbm.c
+++ b/modules/dav/fs/dbm.c
@@ -311,7 +311,7 @@ static apr_datum_t dav_build_key(dav_db *db, const dav_prop_name *name)
             return key;         /* zeroed */
         }
 
-        l_ns = sprintf(nsbuf, "%ld", ns_id - 1);
+        l_ns = apr_snprintf(nsbuf, sizeof(nsbuf), "%ld", ns_id - 1);
     }
 
     /* assemble: #:name */
diff --git a/modules/dav/fs/repos.c b/modules/dav/fs/repos.c
index 91c9d63afb..58cd7059a9 100644
--- a/modules/dav/fs/repos.c
+++ b/modules/dav/fs/repos.c
@@ -293,7 +293,7 @@ dav_error * dav_fs_dir_file_name(
 
 /* Note: picked up from ap_gm_timestr_822() */
 /* NOTE: buf must be at least DAV_TIMEBUF_SIZE chars in size */
-static void dav_format_time(int style, apr_time_t sec, char *buf)
+static void dav_format_time(int style, apr_time_t sec, char *buf, apr_size_t buflen)
 {
     apr_time_exp_t tms;
 
@@ -304,7 +304,7 @@ static void dav_format_time(int style, apr_time_t sec, char *buf)
         /* ### should we use "-00:00" instead of "Z" ?? */
 
         /* 20 chars plus null term */
-        apr_snprintf(buf, sizeof(buf), "%.4d-%.2d-%.2dT%.2d:%.2d:%.2dZ",
+        apr_snprintf(buf, buflen, "%.4d-%.2d-%.2dT%.2d:%.2d:%.2dZ",
                      tms.tm_year + 1900, tms.tm_mon + 1, tms.tm_mday,
                      tms.tm_hour, tms.tm_min, tms.tm_sec);
         return;
@@ -313,12 +313,11 @@ static void dav_format_time(int style, apr_time_t sec, char *buf)
     /* RFC 822 date format; as strftime '%a, %d %b %Y %T GMT' */
 
     /* 29 chars plus null term */
-    sprintf(buf,
-            "%s, %.2d %s %d %.2d:%.2d:%.2d GMT",
-           apr_day_snames[tms.tm_wday],
-           tms.tm_mday, apr_month_snames[tms.tm_mon],
-           tms.tm_year + 1900,
-           tms.tm_hour, tms.tm_min, tms.tm_sec);
+    apr_snprintf(buf, buflen, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT",
+                 apr_day_snames[tms.tm_wday],
+                 tms.tm_mday, apr_month_snames[tms.tm_mon],
+                 tms.tm_year + 1900,
+                 tms.tm_hour, tms.tm_min, tms.tm_sec);
 }
 
 /* Copy or move src to dst; src_finfo is used to propagate permissions
@@ -1940,7 +1939,7 @@ static dav_prop_insert dav_fs_insert_prop(const dav_resource *resource,
         */
         dav_format_time(DAV_STYLE_ISO8601,
                         resource->info->finfo.ctime,
-                        buf);
+                        buf, sizeof(buf));
         value = buf;
         break;
 
@@ -1949,7 +1948,7 @@ static dav_prop_insert dav_fs_insert_prop(const dav_resource *resource,
         if (resource->collection)
             return DAV_PROP_INSERT_NOTDEF;
 
-        (void) sprintf(buf, "%" APR_OFF_T_FMT, resource->info->finfo.size);
+        apr_snprintf(buf, sizeof(buf), "%" APR_OFF_T_FMT, resource->info->finfo.size);
         value = buf;
         break;
 
@@ -1960,7 +1959,7 @@ static dav_prop_insert dav_fs_insert_prop(const dav_resource *resource,
     case DAV_PROPID_getlastmodified:
         dav_format_time(DAV_STYLE_RFC822,
                         resource->info->finfo.mtime,
-                        buf);
+                        buf, sizeof(buf));
         value = buf;
         break;
 
diff --git a/modules/dav/main/util_lock.c b/modules/dav/main/util_lock.c
index 3dd131b221..b402a9984a 100644
--- a/modules/dav/main/util_lock.c
+++ b/modules/dav/main/util_lock.c
@@ -21,10 +21,6 @@
 #include "apr.h"
 #include "apr_strings.h"
 
-#if APR_HAVE_STDIO_H
-#include <stdio.h>              /* for sprintf() */
-#endif
-
 #include "mod_dav.h"
 #include "http_log.h"
 #include "http_config.h"
@@ -118,8 +114,8 @@ DAV_DECLARE(const char *) dav_lock_get_activelock(request_rec *r,
             break;
         }
         dav_buffer_append(p, pbuf, "</D:lockscope>" DEBUG_CR);
-        sprintf(tmp, "<D:depth>%s</D:depth>" DEBUG_CR,
-                lock->depth == DAV_INFINITY ? "infinity" : "0");
+        apr_snprintf(tmp, sizeof(tmp), "<D:depth>%s</D:depth>" DEBUG_CR,
+                     lock->depth == DAV_INFINITY ? "infinity" : "0");
         dav_buffer_append(p, pbuf, tmp);
 
         if (lock->owner) {
@@ -137,7 +133,7 @@ DAV_DECLARE(const char *) dav_lock_get_activelock(request_rec *r,
         }
         else {
             time_t now = time(NULL);
-            sprintf(tmp, "Second-%lu", (long unsigned int)(lock->timeout - now));
+            apr_snprintf(tmp, sizeof(tmp), "Second-%lu", (long unsigned int)(lock->timeout - now));
             dav_buffer_append(p, pbuf, tmp);
         }
 
-- 
2.40.0