From: Ian Jackson Date: Sun, 12 Jun 2011 19:00:10 +0000 (+0100) Subject: possible security fix: do not call slilog with intended message as format string X-Git-Tag: v0.2.0~81 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=commitdiff_plain;h=7908f2c6b5be419f8f4031876139953d4ee8340d possible security fix: do not call slilog with intended message as format string vMessage would call slilog with part of the intended log message as the format string. This is a potential format string vulnerability, detected by -Wformat-security. I have not analysed the code in detail to determine in exactly which circumstances a secnet installation will be vulnerable, but in general a vulnerability (at least for DOS) will exist in any situation where an attacker can cause a log message to contain things which look like printf directives. Signed-off-by: Ian Jackson --- diff --git a/log.c b/log.c index f4ef800..837ed55 100644 --- a/log.c +++ b/log.c @@ -29,7 +29,7 @@ static void vMessage(uint32_t class, const char *message, va_list args) /* Each line is sent separately */ while ((nlp=strchr(buff,'\n'))) { *nlp=0; - slilog(system_log,class,buff); + slilog(system_log,class,"%s",buff); memmove(buff,nlp+1,strlen(nlp+1)+1); } } else {
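Review bot: The changed `slilog(system_log,class,"%s",buff);` call inside the `while ((nlp=strchr(buff,'\n')))` loop covers only the per-line path, and the `} else {` branch that follows is cut off by the hunk context, so it is worth confirming before merge that the other branch (and any other place in log.c that hands `buff` to a printf-style function) also passes a literal format rather than the buffer itself. The fix at this call is the right shape: `buff` is data, not a format. A one-line comment at the call, saying that `buff` must never be used as the format argument, would keep a later cleanup from "simplifying" it back. Since the commit message says the exposure has not been analysed, a follow-up note listing which log messages can carry peer-controlled text would help operators judge how urgently to upgrade.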