Security Fix
Index: libneon/ne_207.c
--- libneon/ne_207.c.orig 2003-07-23 23:48:21.000000000 +0200
+++ libneon/ne_207.c 2004-04-16 18:26:08.000000000 +0200
@@ -320,12 +320,12 @@
 if (ne_get_status(req)->code == 207) {
 if (!ne_xml_valid(p)) {
 /* The parse was invalid */
- ne_set_error(sess, ne_xml_get_error(p));
+ ne_set_error(sess, "%s", ne_xml_get_error(p));
 ret = NE_ERROR;
 } else if (ctx.is_error) {
 /* If we've actually got any error information * from the 207, then set that as the error */
- ne_set_error(sess, ctx.buf->data);
+ ne_set_error(sess, "%s", ctx.buf->data);
 ret = NE_ERROR;
 }
 } else if (ne_get_status(req)->klass != 2) {
Index: libneon/ne_auth.c
--- libneon/ne_auth.c.orig 2003-07-24 00:16:18.000000000 +0200
+++ libneon/ne_auth.c 2004-04-16 18:26:08.000000000 +0200
@@ -1062,7 +1062,7 @@
 if (areq->auth_info_hdr != NULL && verify_response(areq, sess, areq->auth_info_hdr)) {
 NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
- ne_set_error(sess->sess, _(sess->spec->fail_msg));
+ ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
 ret = NE_ERROR;
 } else if (status->code == sess->spec->status_code && areq->auth_hdr != NULL) {
Index: libneon/ne_locks.c
--- libneon/ne_locks.c.orig 2003-06-19 00:10:58.000000000 +0200
+++ libneon/ne_locks.c 2004-04-16 18:26:08.000000000 +0200
@@ -734,7 +734,7 @@
 } else if (parse_failed) {
 ret = NE_ERROR;
- ne_set_error(sess, ne_xml_get_error(parser));
+ ne_set_error(sess, "%s", ne_xml_get_error(parser));
 } else if (ne_get_status(req)->code == 207) {
 ret = NE_ERROR;
@@ -802,7 +802,7 @@
 if (ret == NE_OK && ne_get_status(req)->klass == 2) {
 if (parse_failed) {
 ret = NE_ERROR;
- ne_set_error(sess, ne_xml_get_error(parser));
+ ne_set_error(sess, "%s", ne_xml_get_error(parser));
 } else if (ne_get_status(req)->code == 207) {
 ret = NE_ERROR;
Index: libneon/ne_props.c
--- libneon/ne_props.c.orig 2003-06-19 00:10:58.000000000 +0200
+++ libneon/ne_props.c 2004-04-16 18:26:08.000000000 +0200
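Review bot: The two `ne_set_error` calls in the 207 branch are corrected by hand, but nothing in the patch prevents a later `ne_set_error(sess, some_string)` from reintroducing the same format-string defect. `ne_set_error` is evidently printf-style (it now takes `"%s"` plus an argument), so if its prototype is not already annotated, add `__attribute__((format(printf, 2, 3)))` to the declaration so the compiler can flag non-literal formats under `-Wformat-security`; the declaration is outside this diff. The same applies to the `ne_auth.c`, `ne_locks.c` (both hunks) and `ne_props.c` hunks. In the `ctx.is_error` branch the stored text, `ctx.buf->data`, appears to originate from the 207 response body, so any caller that later prints the session error should likewise pass it as data and never as a format.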
@@ -142,7 +142,7 @@
 if (ret == NE_OK && ne_get_status(req)->klass != 2) {
 ret = NE_ERROR;
 } else if (!ne_xml_valid(handler->parser)) {
- ne_set_error(handler->sess, ne_xml_get_error(handler->parser));
+ ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
 ret = NE_ERROR;
 }
Index: libneon/ne_xml.c
--- libneon/ne_xml.c.orig 2003-05-10 18:05:59.000000000 +0200
+++ libneon/ne_xml.c 2004-04-16 18:26:08.000000000 +0200
@@ -538,7 +538,7 @@
 void ne_xml_set_error(ne_xml_parser *p, const char *msg) {
- ne_snprintf(p->error, ERR_SIZE, msg);
+ ne_snprintf(p->error, ERR_SIZE, "%s", msg);
 }
 #ifdef HAVE_LIBXML
-----------------------------------------------------------------------------
Security Fix OpenPKG-SA-2004.024-neon, CAN-2004-0398
Index: libneon/ne_dates.c
--- libneon/ne_dates.c.orig 2003-04-07 21:01:46.000000000 +0200
+++ libneon/ne_dates.c 2004-05-19 21:55:14.000000000 +0200
@@ -47,7 +47,7 @@
 /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */
 #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT"
 /* RFC850: Sunday, 06-Nov-94 08:49:37 GMT */
-#define RFC1036_FORMAT "%s %2d-%3s-%2d %2d:%2d:%2d GMT"
+#define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT"
 /* asctime: Wed Jun 30 21:49:08 1993 */
 #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d"
@@ -133,7 +133,7 @@
 time_t ne_rfc1123_parse(const char *date) {
 struct tm gmt = {0};
- static char wkday[4], mon[4];
+ char wkday[4], mon[4];
 int n;
 /* it goes: Sun, 06 Nov 1994 08:49:37 GMT */
 n = sscanf(date, RFC1123_FORMAT,
@@ -156,7 +156,7 @@
 {
 struct tm gmt = {0};
 int n;
- static char wkday[10], mon[4];
+ char wkday[11], mon[4];
 /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
 n = sscanf(date, RFC1036_FORMAT, wkday, &gmt.tm_mday, mon, &gmt.tm_year,
@@ -189,7 +189,7 @@
 {
 struct tm gmt = {0};
 int n;
- static char wkday[4], mon[4];
+ char wkday[4], mon[4];
 n = sscanf(date, ASCTIME_FORMAT, wkday, mon, &gmt.tm_mday, &gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
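Review bot: The `%10s` width added to `RFC1036_FORMAT` is only safe because the buffer it fills is declared `char wkday[11]` in the @@ -156 hunk, and neither site records that dependency. Add a comment on the macro, for example `/* %10s: the wkday buffer passed to sscanf must hold 10 chars plus NUL */`, so a later edit to either literal does not silently bring the overflow back. `RFC1123_FORMAT` and `ASCTIME_FORMAT` already bound their string fields with `%3s`, which matches the `[4]` buffers in the other hunks.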
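Review bot: With `static` dropped, `wkday` and `mon` in `ne_rfc1123_parse` are no longer zero-initialised, so they hold indeterminate bytes whenever `sscanf` matches fewer fields than the format expects. The hunk ends at the `sscanf` call, so whether `n` is checked before `mon` is read is not visible here; if it is not, either initialise the buffers, `char wkday[4] = "", mon[4] = "";`, or return an error when `n` is short. The same applies to the @@ -156 and @@ -189 hunks, which make the same storage-class change.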