--- mod_auth_pgsql-2.0.1/mod_auth_pgsql.c.cve3656 +++ mod_auth_pgsql-2.0.1/mod_auth_pgsql.c @@ -808,7 +808,7 @@ return DECLINED; } } - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr); return res; } @@ -819,7 +819,7 @@ apr_snprintf(pg_errstr, MAX_STRING_LEN, "[mod_auth_pgsql.c] - Empty password accepted for user \"%s\"", user); - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, pg_errstr); + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "%s", pg_errstr); pg_log_auth_user(r, sec, user, sent_pw); return OK; }; @@ -831,7 +831,7 @@ apr_snprintf(pg_errstr, MAX_STRING_LEN, "[mod_auth_pgsql.c] - Empty password rejected for user \"%s\"", user); - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; }; @@ -861,7 +861,7 @@ ? strcasecmp(real_pw, sent_pw) : strcmp(real_pw, sent_pw)) { apr_snprintf(pg_errstr, MAX_STRING_LEN, "PG user %s: password mismatch", user); - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } @@ -921,7 +921,7 @@ apr_snprintf(pg_errstr, MAX_STRING_LEN, "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)", user); - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr); ap_note_basic_auth_failure(r); res = HTTP_UNAUTHORIZED; } else { @@ -951,7 +951,7 @@ apr_snprintf(pg_errstr, MAX_STRING_LEN, "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)", user); - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } 
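Review bot: In the hunk at -808 the string logged just before `return res;` is filled in outside the hunk, so nothing visible tells a maintainer that pg_errstr may carry client-influenced text and must never be used as the format argument. A one-line comment above the call, `/* pg_errstr may hold client-supplied text: log it as data, never as the format */`, would record why the `"%s"` is there. Only the eight call sites in this patch are visible. Building the module with `-Wformat -Wformat-security` would flag any remaining non-literal format passed to the ap_log_* functions, assuming their prototypes carry the printf format attribute as httpd's headers normally do.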
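Review bot: In the hunk at -819 the message is still built in pg_errstr with apr_snprintf and then logged through `"%s"`, the same two-step pattern that made the original call unsafe; it recurs in the hunks at -831, -861, -921, -951 and -978. Passing the format and its argument straight to the logger, e.g. `ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "[mod_auth_pgsql.c] - Empty password accepted for user \"%s\"", user);`, removes the intermediate buffer and the MAX_STRING_LEN truncation. That is only safe if nothing later reads pg_errstr on these paths. The hunk at -967 tests `pg_errstr[0]`, so this needs checking against code outside the hunks.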
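Review bot: The check guarding the "password mismatch" branch in the hunk at -861 uses `strcasecmp(real_pw, sent_pw)` or `strcmp(real_pw, sent_pw)`, both of which stop at the first differing byte, so the comparison is not constant-time. Whether the two strings are digests or clear text at this point is decided outside the hunk, as is the condition that selects the case-insensitive branch. If clear-text values can reach this line, a fixed-time comparison over the full length would be the safer choice. Until that is settled, a comment such as `/* NOTE(review): case-insensitive compare - confirm real_pw is a hex digest here */` would at least record the assumption.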
@@ -967,7 +967,7 @@ }; if (pg_errstr[0]) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr); return HTTP_INTERNAL_SERVER_ERROR; } @@ -978,7 +978,7 @@ apr_snprintf(pg_errstr, MAX_STRING_LEN, "[mod_auth_pgsql.c] - user %s not in right groups (PG-Authoritative)", user); - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; };
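Review bot: The `if (pg_errstr[0])` test in the hunk at -967 uses the message buffer as an error flag, so the 500 response depends on whoever last wrote to pg_errstr. Its declaration and the place where it is cleared are outside the hunk. If it is a file-scope buffer, text left by an earlier request or by another thread under a threaded MPM could trip this branch and log a message belonging to a different user. The hunk at -978 is one visible writer that returns without clearing it. Once the invariant is confirmed, a comment at the test such as `/* non-empty pg_errstr means a helper reported an error for this request; it must be cleared on entry */` should be added, or the helpers should return an explicit status instead.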