Red Hat Bugzilla – Bug 16387
Error prone use of syslog in errorlog.c
Last modified: 2008-05-01 11:37:57 EDT
In errorlog.c there's a call to syslog,
syslog(priority, buf); (line 113)
that can cause problems if somebody can
get formatting chars into buf (%n for example).
I think that a more secure way to call syslog is syslog(priority, "%s", buf).
Thanks a lot for pointing this out. Fixed now in our current package.
Florian La Roche
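An added example, not code from errorlog.c or from the fixed package: it shows the call form proposed in the report next to two helpers for auditing and neutralising format directives in log data. The names count_directives, escape_percent and log_untrusted and the sample message are hypothetical.

```c
#include <stddef.h>
#include <syslog.h>

/* Directives printf-style code would act on if s were the format; "%%" is literal. */
size_t count_directives(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* escaped percent: consumes no argument */
        else
            n++;            /* %n, %s, %x ... or a dangling '%' */
    }
    return n;
}

/* Double every '%' so the text is inert even where an API accepts only a
 * format string. Returns the output length, or -1 if out is too small. */
int escape_percent(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (; *in != '\0'; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outsz)
            return -1;      /* keep room for the terminating NUL */
        if (*in == '%')
            out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return (int)o;
}

/* Call form proposed in the report: buf is data, never the format. */
void log_untrusted(int priority, const char *buf)
{
    syslog(priority, "%s", buf);
}

int main(void)
{
    /* Constructed sample message containing directives. */
    log_untrusted(LOG_ERR, "login failed for user %n%s");
    return 0;
}
```

Building with GCC's -Wformat -Wformat-security flags a call such as syslog(priority, buf), where the format is not a string literal and no arguments follow.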