File: 13-Potential-format-string-vulnerability.patch

package info (click to toggle)
super 3.30.1-1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 1,860 kB
  • sloc: ansic: 24,673; sh: 297; makefile: 296
file content (84 lines) | stat: -rw-r--r-- 2,212 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
From: Robert Luberda <robert@debian.org>
Date: Sat, 7 Jan 2012 12:53:33 +0100
Subject: 13 Potential format string vulnerability.

Fix potential format string vulnerability that
might occur if the user of file name or file name
used in the tag contains a '%' character.
---
 error.c | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/error.c b/error.c
index 1a2ae48..3398434 100644
--- a/error.c
+++ b/error.c
@@ -188,14 +188,16 @@ int fac;
 }
 
 void
-SysLog(pri, buf)
+SysLog(pri, user, buf, tag)
 int pri;
+char *user;
 char *buf;
+char *tag;
 {
     if (using_rsyslog) {
-	rsyslog(pri, "%s", buf);
+	rsyslog(pri, "(%s) %s%s", user, buf, (tag ? tag : ""));
     } else {
-	syslog(pri, "%s", buf);
+	syslog(pri, "(%s) %s%s", user, buf, (tag ? tag : ""));
     }
 }
 
@@ -336,21 +338,17 @@ Error(
 
 #ifdef HAVE_SYSLOG_H
     if (error_syslog) {
-	char newfmt[MAXPRINT], buf[MAXPRINT];
+	char buf[MAXPRINT];
 	if (!openlog_done) {
 	    OpenLog(error_prog ? error_prog : "", 0, error_facility);
 	    openlog_done = 1;
 	}
-	sprintf(newfmt, "(%s) ", error_user ? error_user : user);
-	StrLCat(newfmt, fmt, sizeof(newfmt));
-	if (tag)
-	    StrLCat(newfmt, tag, sizeof(newfmt));
 	va_start(ap, fmt);
-	(void) vsnprintf(buf, sizeof(buf), newfmt, ap);
+	(void) vsnprintf(buf, sizeof(buf), fmt, ap);
 	va_end(ap);
 	if (show_perror)
 	    StrLCat(buf, Strerror(error), sizeof(buf));
-	SysLog(error_priority, buf);
+	SysLog(error_priority, (error_user ? error_user : user), buf, tag);
     }
 #endif
 
@@ -502,7 +500,7 @@ va_dcl
 
 #ifdef HAVE_SYSLOG_H
     if (error_syslog) {
-	char newfmt[MAXPRINT], buf[MAXPRINT];
+	char buf[MAXPRINT];
 	va_start(ap);
 	show_perror = va_arg(ap, int);
 	die = va_arg(ap, int);
@@ -511,13 +509,9 @@ va_dcl
 	    OpenLog(error_prog ? error_prog : "", 0, error_facility);
 	    openlog_done = 1;
 	}
-	sprintf(newfmt, "(%s) ", error_user ? error_user : user);
-	StrLCat(newfmt, fmt, sizeof(newfmt));
-	if (tag)
-	    StrLCat(newfmt, tag, sizeof(newfmt));
 	(void) vsnprintf(buf, sizeof(buf), newfmt, ap);
 	va_end(ap);
-	SysLog(error_priority, buf);
+	SysLog(error_priority, (error_user ? error_user : user), buf, tag);
     }
 #endif