Bug 55455 - syslog missing a parameter in util linux.c
syslog missing a parameter in util linux.c
Product: Red Hat Linux
Classification: Retired
Component: util-linux (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Elliot Lee
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2001-10-31 11:35 EST by Tim Woodall
Modified: 2007-04-18 12:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-10-31 11:36:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
fixes missing parameter to syslog in login.c (403 bytes, patch)
2001-10-31 11:36 EST, Tim Woodall
no flags Details | Diff

  None (edit)
Description Tim Woodall 2001-10-31 11:35:15 EST
Description of Problem:
syslog missing a parameter in util linux.c - parameters do not match 
format string.

Version-Release number of selected component (if applicable):

How Reproducible:
Compile time problem (in code only reached during error conditions)

Steps to Reproduce:
Compile login.c
Note warnings:
warning: format argument is not a pointer (arg4)
warning: too few arguments for format

Actual Results:

Expected Results:

Additional Information:
I don't think that this line should ever be reached in normal usage.

However, it can be reached on ENOMEM error from getpwnam() which will 
then result in login coredumping due to passing an integer parameter to a 
%s format.

I don't believe so but this might just be exploitable if an already 
logged in user can consume all the available memory. (I'm not an expert 
on exploiting format string bugs)

I have attached a patch (below)
Comment 1 Tim Woodall 2001-10-31 11:36:16 EST
Created attachment 35845 [details]
fixes missing parameter to syslog in login.c
Comment 2 Elliot Lee 2001-11-12 17:46:06 EST
Fixed as part of the fix to bug #54741

Note You need to log in before you can comment on or make changes to this bug.