From 7908f2c6b5be419f8f4031876139953d4ee8340d Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Sun, 12 Jun 2011 20:00:10 +0100
Subject: [PATCH] possible security fix: do not call slilog with intended message as format string

vMessage would call slilog with part of the intended log message as the format string. This is a potential format string vulnerability, detected by -Wformat-security. I have not analysed the code in detail to determine in exactly which circumstances a secnet installation will be vulnerable, but in general a vulnerability (at least for DOS) will exist in any situation where an attacker can cause a log message to contain things which look like printf directives.
Signed-off-by: Ian Jackson
---
 log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/log.c b/log.c
index f4ef800..837ed55 100644
--- a/log.c
+++ b/log.c
@@ -29,7 +29,7 @@ static void vMessage(uint32_t class, const char *message, va_list args)
 /* Each line is sent separately */
 while ((nlp=strchr(buff,'\n'))) {
 *nlp=0;
- slilog(system_log,class,buff);
+ slilog(system_log,class,"%s",buff);
 memmove(buff,nlp+1,strlen(nlp+1)+1);
 }
 } else {
-- 
2.30.2
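Review bot: Nothing on the new `slilog(system_log,class,"%s",buff);` line records why the literal format is required, so a later tidy-up could silently reintroduce the bug. A short comment above it would pin the intent, for example `/* buff is already-formatted, possibly attacker-influenced text: never pass it as the format */`. slilog's declaration is outside this hunk; if it does not already carry a printf format attribute, adding `__attribute__((format(printf,3,4)))` there would let plain -Wformat check every call site, and the other slilog callers are worth checking for the same pattern. The loop still emits one log entry per embedded newline, so log consumers should not treat entry boundaries as trustworthy when message content can be influenced from outside. vMessage's body starts and ends outside the hunk, so the `else` branch is not reviewed here.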