#74 syslog does not escape percent signs

Mike Sperber
run-time (53)
Andreas Bernauer

----- Forwarded message from Peter Wang <tjaden@alphalink.com.au> -----
(posted to scsh-news)
Hello, I'm not sure what to make of this. scsh segfaults if I ask the
SUnet web server for particularly-named files.

Here's the output from the server:

# ./start-web-server -h /var/www -c /var/www/cgi-bin -p 8000 -l
syslogging activated.
zsh: segmentation fault ./start-web-server-via-image -h /var/www -c
/var/www/cgi-bin -p 8000 -l

Here's the request:

$ wget 'http://localhost:8000/1 Last Show'
--02:24:04-- http://localhost:8000/1%20Last%20Show
=> `1%20Last%20Show'
----- End forwarded message -----

I tracked this error down to the syslog facility. The problem is that
the syslog function seems not to escape the percent signs in the
syslog message. According to the man page the syslog message
string is formatted like a printf(3) string. On my Linux system the string
`1%20Last%20Show' contains a pointer to an array that is of course
not present and thus causes a segfault while calling syslog(3).

A solution may be to escape the message string before sending it
through the FFI (e.g. in scsh/syslog.scm).

The attached file contains a small scsh script that causes the scshvm
to segfault on both Linux and FreeBSD.


  • Peter Wang

    Just tell syslog(3) "%s" then? I can't find a way to attach
    here, so I'll just paste the patch (it's trivial anyway).

    --- syslog1.c.old Thu Mar 6 04:36:12 2003
    +++ syslog1.c Fri Jun 6 23:14:38 2003
    @@ -367,7 +367,7 @@

    if (!syslog_open)
    s48_raise_string_os_error("syslog isn't open");
    - syslog(facility | level, s48_extract_string (sch_message));
    + syslog(facility | level, "%s", s48_extract_string
    return S48_UNSPECIFIC;
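
Review bot: The added line is cut off after `s48_extract_string`, so as pasted it has no argument list and no closing `);` and would not compile. It should presumably carry the same argument as the removed line, i.e. end in `s48_extract_string (sch_message));`. The hunk also shows fewer lines than its `-367,7 +367,7` header declares and the context lines have lost their leading-space markers, so it needs to be regenerated from the working tree before it will apply. Passing the Scheme string as data behind a constant "%s" format is the right shape for the fix.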

    • assigned_to: nobody --> sperber
    • status: open --> closed-fixed