Bug 16387 - Error prone use of syslog in errorlog.c
Summary: Error prone use of syslog in errorlog.c
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ypbind   
(Show other bugs)
Version: 6.2
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Florian La Roche
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-08-16 18:01 UTC by Jarno Huuskonen
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-08-16 18:01:47 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jarno Huuskonen 2000-08-16 18:01:46 UTC
Hi !

in errorlog.c there's a call to syslog
 syslog(priority, buf);  (Line: 113)
that can cause problems if somebody can
get formatting chars to buf (%n for example).

I think that more secure way to call syslog is syslog(priority, "%s", buf)

-Jarno

Comment 1 Florian La Roche 2000-08-20 08:17:35 UTC
Thanks a lot for pointing this out. Fixed now in our current package.

Florian La Roche



Note You need to log in before you can comment on or make changes to this bug.