Package: jesred / 1.2pl1-22

01-logfix Patch series | download
Author: Alexander Zangerl <az@debian.org>
Subject: #487976 fix logging safety

--- a/log.c
+++ b/log.c
@@ -71,7 +71,8 @@ log(log_code c, char *format, ...) {
     struct timeval current_time;
     
     va_start(args, format);
-    if(vsprintf(msg, format, args) > (BUFSIZE - 1)) {
+    /* Use a safe printf function*/
+    if(vsnprintf(msg, BUFSIZE, format, args) > (BUFSIZE - 1)) {
 	/* string is longer than the maximum buffer we specified,
 	   so just return */
 	return;
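Review bot: The early `return;` in the truncation branch is taken after `va_start(args, format)` with no `va_end(args)` visible before it, which the C standard leaves undefined. The check also passes a negative `vsnprintf` result (output error), so `msg` could be used with indeterminate contents further down. With an `int n` declared alongside the other locals, I would write `n = vsnprintf(msg, BUFSIZE, format, args);` then `va_end(args);` then `if(n < 0 || n > (BUFSIZE - 1)) return;`, and remove any later `va_end` if the function has one. The body of `log` starts and ends outside this hunk, so that last point needs checking against the full file. Since `vsnprintf` already leaves a NUL-terminated, truncated `msg`, consider writing the truncated line rather than dropping it, so that an oversized (possibly request-derived) message still leaves a log record.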