Bug 16387 - Error prone use of syslog in errorlog.c
Error prone use of syslog in errorlog.c
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: ypbind (Show other bugs)
6.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Florian La Roche
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-08-16 14:01 EDT by Jarno Huuskonen
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-08-16 14:01:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jarno Huuskonen 2000-08-16 14:01:46 EDT
Hi !

in errorlog.c there's a call to syslog
 syslog(priority, buf);  (Line: 113)
that can cause problems if somebody can
get formatting chars to buf (%n for example).

I think that more secure way to call syslog is syslog(priority, "%s", buf)

-Jarno
Comment 1 Florian La Roche 2000-08-20 04:17:35 EDT
Thanks a lot for pointing this out. Fixed now in our current package.

Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.