format string bug in nm_info_handler

static void
nm_info_handler (const gchar	*log_domain,
		GLogLevelFlags	 log_level,
		const gchar	*message,
		gboolean 	 is_daemon)
	syslog (syslog_priority, message);

This should read:

	syslog (syslog_priority, "%s", message);

I can't figure out whether this is exploitable.  That would depend on
what kinds of messages an attacker could get passed g_log.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]