16387 – Error prone use of syslog in errorlog.c

Bug 16387 - Error prone use of syslog in errorlog.c

Summary: Error prone use of syslog in errorlog.c

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	ypbind
Sub Component:
Version:	6.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Florian La Roche
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-08-16 18:01 UTC by Jarno Huuskonen
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2000-08-16 18:01:47 UTC
Embargoed:

Attachments	(Terms of Use)

Description Jarno Huuskonen 2000-08-16 18:01:46 UTC

Hi !

in errorlog.c there's a call to syslog
 syslog(priority, buf);  (Line: 113)
that can cause problems if somebody can
get formatting chars to buf (%n for example).

I think that more secure way to call syslog is syslog(priority, "%s", buf)

-Jarno

Comment 1 Florian La Roche 2000-08-20 08:17:35 UTC

Thanks a lot for pointing this out. Fixed now in our current package.

Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.