Revision: 14394
          
http://harbour-project.svn.sourceforge.net/harbour-project/?rev=14394&view=rev
Author:   druzus
Date:     2010-04-26 09:44:13 +0000 (Mon, 26 Apr 2010)

Log Message:
-----------
2010-04-26 11:44 UTC+0200 Przemyslaw Czerpak (druzus/at/priv.onet.pl)
  * harbour/src/common/hbtrace.c
    ! fixed potential GPF/memory corruption due to direct passing formatted
      string as format to syslog() function. Please remember to never create
      code like 'printf( str );' if str can contain printf escape characters
      because it may cause any unpredictable results. Always use
      'printf( "%s", str);' in such context.
      BTW It's one of the most common bugs used by hackers in buffer/stack
      overflow attacks, i.e. using str with %n conversion specifier.
    % eliminated unnecessary buffer conversion in *nix builds

Modified Paths:
--------------
    trunk/harbour/ChangeLog
    trunk/harbour/src/common/hbtrace.c
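
The difference between the two call shapes named in the log message, as an added example (not code from Harbour's hbtrace.c). `sink_printf`, `emit_as_format`, `emit_as_data` and `trace_to_syslog` are hypothetical names, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical stand-in for a printf-style sink such as syslog(): it
 * interprets fmt the way syslog() would, but writes into a buffer so the
 * result can be inspected. */
static int sink_printf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;
    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BUG pattern: the already formatted message is passed as the format. */
int emit_as_format(char *out, size_t n, const char *msg)
{
    return sink_printf(out, n, msg);
}

/* FIX pattern: the message is data for a constant "%s" format. */
int emit_as_data(char *out, size_t n, const char *msg)
{
    return sink_printf(out, n, "%s", msg);
}

/* The same fix applied to a real syslog() call. */
void trace_to_syslog(const char *msg)
{
    syslog(LOG_DEBUG, "%s", msg);
}

int main(void)
{
    /* Constructed sample: a trace line that was already formatted once.
     * "%%" is the only conversion that is defined behaviour here, because
     * it consumes no argument; any other conversion would read or write
     * through arguments that were never passed. */
    const char *msg = "cache hit ratio 100%% in fn()";
    char a[64], b[64];
    emit_as_format(a, sizeof a, msg);
    emit_as_data(b, sizeof b, msg);
    printf("as format: %s\nas data:   %s\n", a, b);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn about a direct `syslog(prio, str)` or `printf(str)` call whose format is not a string literal.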

