Bug 55455 - syslog missing a parameter in util linux.c
Summary: syslog missing a parameter in util linux.c
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: util-linux
Version: 7.1
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Elliot Lee
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2001-10-31 16:35 UTC by Tim Woodall
Modified: 2007-04-18 16:37 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-10-31 16:36:21 UTC
Embargoed:


Attachments
fixes missing parameter to syslog in login.c (403 bytes, patch)
2001-10-31 16:36 UTC, Tim Woodall

Description Tim Woodall 2001-10-31 16:35:15 UTC
Description of Problem:
syslog missing a parameter in util linux.c - parameters do not match 
format string.

Version-Release number of selected component (if applicable):
util-linux-2.11f

How Reproducible:
Compile time problem (in code only reached during error conditions)

Steps to Reproduce:
Compile login.c
Note warnings:
warning: format argument is not a pointer (arg4)
warning: too few arguments for format
 

Actual Results:
N/A

Expected Results:
N/A

Additional Information:
I don't think that this line should ever be reached in normal usage.

However, it can be reached on an ENOMEM error from getpwnam(), which will 
then result in login coredumping due to passing an integer parameter to a 
%s format.

I don't believe so, but this might just be exploitable if an already 
logged-in user can consume all the available memory. (I'm not an expert 
on exploiting format string bugs.)

I have attached a patch (below)
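
The class of defect reported above, shown as an added example that is not part of the bug report or the util-linux source: a syslog()-style call whose arguments do not match its format string, next to the corrected call. The wrapper `log_fmt`, the functions `log_failure_buggy` and `log_failure_fixed`, the format string, the `SHOW_BUG` macro and the sample values are all hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical syslog()-style wrapper that formats into a buffer so the
 * result can be inspected. The format attribute tells gcc/clang to check
 * the variadic arguments against the format string. */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

#ifdef SHOW_BUG
/* Constructed call with the same shape as the report: three conversions,
 * two arguments. The int lands on the second %s and the final %d has no
 * argument at all, which is undefined behaviour (typically a crash when
 * %s dereferences the integer). Compiling with -DSHOW_BUG -Wformat makes
 * the compiler flag both the type mismatch and the missing argument. */
static int log_failure_buggy(char *buf, size_t len, const char *tty, int err)
{
    return log_fmt(buf, len, "login on %s for %s failed: %d", tty, err);
}
#endif

/* Corrected: every conversion has an argument of the matching type, and a
 * NULL user name is replaced before it can reach %s. */
static int log_failure_fixed(char *buf, size_t len, const char *tty,
                             const char *user, int err)
{
    return log_fmt(buf, len, "login on %s for %s failed: %d",
                   tty, user ? user : "(unknown)", err);
}

int main(void)
{
    char line[128];
    /* Constructed sample values. */
    log_failure_fixed(line, sizeof line, "tty1", NULL, 12);
    puts(line);
    return strcmp(line, "login on tty1 for (unknown) failed: 12") != 0;
}
```

Building error paths with `-Wformat -Werror=format` turns this kind of mismatch into a build failure, which matters for code that is only reached under error conditions and so is rarely exercised by testing.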

Comment 1 Tim Woodall 2001-10-31 16:36:16 UTC
Created attachment 35845
fixes missing parameter to syslog in login.c

Comment 2 Elliot Lee 2001-11-12 22:46:06 UTC
Fixed as part of the fix to bug #54741

