ossp-pkg/lmtp2nntp/00TODO 1.61 -> 1.62
--- 00TODO 2002/07/29 11:39:43 1.61
+++ 00TODO 2003/01/30 19:18:57 1.62
@@ -76,26 +76,5 @@
potential to merge post/header modes -h [Newsgroups:${_EnvelopeRCPT}\n]
-===================================================================
-RCS file: /e/ossp/cvs/ossp-pkg/fsl/fsl.c,v
-retrieving revision 1.22
-retrieving revision 1.21
-diff -r1.22 -r1.21
-341c341
-< if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, "%s", argl2spec)) != L2_OK) {
----
-> if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, argl2spec)) != L2_OK) {
-513c513
-< if ((l2rv = l2_spec(&ch, ctx.l2_env, "%s", argl2spec)) != L2_OK) {
----
-> if ((l2rv = l2_spec(&ch, ctx.l2_env, argl2spec)) != L2_OK) {
-
-Fix a big security hole: the l2_spec() is a varargs function which gets
-a format string and variable arguments. In case only a fixed string is
-used we have to use "%s" as the format string or else "%x" in the string
-is treated like a formatter (and hence cause a segfault or whatever
-else if it tries to fetch args from the stack). This especially also no
-longer requires the formatters to be written %%X...
-
- consider using lib_cfg for configuration file parsing
+ consider using lib_cfg for configuration file parsing
|
|
