chiark / gitweb /
possible security fix: do not call slilog with intended message as format string
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 12 Jun 2011 19:00:10 +0000 (20:00 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 19 Jun 2011 15:38:42 +0000 (16:38 +0100)
vMessage would call slilog with part of the intended log message as
the format string.  This is a potential format string vulnerability,
detected by -Wformat-security.

I have not analysed the code in detail to determine in exactly which
circumstances a secnet installation will be vulnerable, but in general
a vulnerability (at least for DOS) will exist in any situation where
an attacker can cause a log message to contain things which look like
printf directives.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
log.c

diff --git a/log.c b/log.c
index f4ef800..837ed55 100644 (file)
--- a/log.c
+++ b/log.c
@@ -29,7 +29,7 @@ static void vMessage(uint32_t class, const char *message, va_list args)
        /* Each line is sent separately */
        while ((nlp=strchr(buff,'\n'))) {
            *nlp=0;
-           slilog(system_log,class,buff);
+           slilog(system_log,class,"%s",buff);
            memmove(buff,nlp+1,strlen(nlp+1)+1);
        }
     } else {