format string bug in nm_info_handler

From: Ian Jackson <ian davenant greenend org uk>
To: networkmanager-list gnome org
Cc: Thomas Hood <jdthood aglu demon nl>, thom may ubuntu com
Subject: format string bug in nm_info_handler
Date: Thu, 28 Jul 2005 15:58:04 +0100

static void
nm_info_handler (const gchar	*log_domain,
		GLogLevelFlags	 log_level,
		const gchar	*message,
		gboolean 	 is_daemon)
{
...
	syslog (syslog_priority, message);
}

This should read:

	syslog (syslog_priority, "%s", message);

I can't figure out whether this is exploitable.  That would depend on
what kinds of messages an attacker could get passed g_log.

Ian.

Follow-Ups:
- Re: format string bug in nm_info_handler
  - From: Ray Strode

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]