From: Sam S. <sd...@gn...> - 2005-12-23 19:28:33
> * Jörg Höhle <ub...@hf...g> [2005-12-22 16:52:00 +0000]:
>
> Update of /cvsroot/clisp/clisp/modules/syscalls
> In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22145/modules/syscalls
>
> Modified Files:
> calls.c
> Log Message:
> typical buffer overflow vulnerability: must use syslog("%s",string)
>
> Index: calls.c
> ===================================================================
> RCS file: /cvsroot/clisp/clisp/modules/syscalls/calls.c,v
> retrieving revision 1.162
> retrieving revision 1.163
> diff -u -d -r1.162 -r1.163
> --- calls.c 16 Dec 2005 19:21:06 -0000 1.162
> +++ calls.c 22 Dec 2005 16:51:58 -0000 1.163
> @@ -325,7 +325,7 @@
> check_syslog_severity(STACK_2) | check_syslog_facility(STACK_1);
> with_string_0(STACK_0 = check_string(STACK_0),GLO(misc_encoding),mesg, {
> begin_system_call();
> - syslog(priority,mesg);
> + syslog(priority,"%s",mesg);
> end_system_call();
> });
> VALUES0; skipSTACK(3);

you forgot about "%m".
I reverted your patch and added comments, but I welcome a discussion.

-- 
Sam Steingold (http://www.podval.org/~sds) running w2k
http://ffii.org/ http://www.savegushkatif.org http://www.dhimmi.com/
http://www.jihadwatch.org/ http://www.camera.org http://www.iris.org.il
This message is rot13 encrypted (twice!); reading it violates DMCA.
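
Review bot: On the added line `syslog(priority,"%s",mesg);`, the fixed "%s" format means a `%m` inside mesg is no longer expanded by syslog into the current errno text, which changes behaviour for any caller that relied on it (the point raised in the reply). The removed `syslog(priority,mesg);` passed the string obtained from check_string(STACK_0) as the format itself, so any other conversion in it, such as `%s` or `%n`, would make syslog consume arguments that were never passed; that is a format-string problem rather than the buffer overflow the log message names. If `%m` must stay supported, sanitize mesg before it is used as the format, for example by doubling every `%` that is not followed by `m`; otherwise keep the "%s" form. Either way, add a comment at the call site stating which behaviour is intended.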