Sophie: apache2-mod_auth_pgsql-2.0.50

apache2-mod_auth_pgsql-2.0.50_2.0.2b1-3.1.101mdk.src.rpm

--- mod_auth_pgsql-2.0.1/mod_auth_pgsql.c.cve3656
+++ mod_auth_pgsql-2.0.1/mod_auth_pgsql.c
@@ -808,7 +808,7 @@
 				return DECLINED;
 			}
 		}
-		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
 		return res;
 	}
 
@@ -819,7 +819,7 @@
 		apr_snprintf(pg_errstr, MAX_STRING_LEN,
 					 "[mod_auth_pgsql.c] - Empty password accepted for user \"%s\"",
 					 user);
-		ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, pg_errstr);
+		ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "%s", pg_errstr);
 		pg_log_auth_user(r, sec, user, sent_pw);
 		return OK;
 	};
@@ -831,7 +831,7 @@
 		apr_snprintf(pg_errstr, MAX_STRING_LEN,
 					 "[mod_auth_pgsql.c] - Empty password rejected for user \"%s\"",
 					 user);
-		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
 		ap_note_basic_auth_failure(r);
 		return HTTP_UNAUTHORIZED;
 	};
@@ -861,7 +861,7 @@
 			? strcasecmp(real_pw, sent_pw) : strcmp(real_pw, sent_pw)) {
 			apr_snprintf(pg_errstr, MAX_STRING_LEN,
 						 "PG user %s: password mismatch", user);
-			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
 			ap_note_basic_auth_failure(r);
 			return HTTP_UNAUTHORIZED;
 		}
@@ -921,7 +921,7 @@
 			apr_snprintf(pg_errstr, MAX_STRING_LEN,
 						 "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)",
 						 user);
-			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
 			ap_note_basic_auth_failure(r);
 			res = HTTP_UNAUTHORIZED;
 		} else {
@@ -951,7 +951,7 @@
 				apr_snprintf(pg_errstr, MAX_STRING_LEN,
 							 "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)",
 							 user);
-				ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+				ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
 				ap_note_basic_auth_failure(r);
 				return HTTP_UNAUTHORIZED;
 			}
@@ -967,7 +967,7 @@
 			};
 
 			if (pg_errstr[0]) {
-				ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+				ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
 				return HTTP_INTERNAL_SERVER_ERROR;
 			}
 
@@ -978,7 +978,7 @@
 				apr_snprintf(pg_errstr, MAX_STRING_LEN,
 							 "[mod_auth_pgsql.c] - user %s not in right groups (PG-Authoritative)",
 							 user);
-				ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, pg_errstr);
+				ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", pg_errstr);
 				ap_note_basic_auth_failure(r);
 				return HTTP_UNAUTHORIZED;
 			};