diff options
| author | Alexander Barton <alex@barton.de> | 2005-02-03 09:26:42 +0000 |
|---|---|---|
| committer | Alexander Barton <alex@barton.de> | 2005-02-03 09:26:42 +0000 |
| commit | 8308c170dbf7f1c998ca0cb3b1ce7d21712a9f08 (patch) | |
| tree | 261f6fda42905d8f5a910d5801f6bb7db6712f1f /src | |
| parent | 07fe19889b9a7a7afc8da68b4062b81287d23dd3 (diff) | |
| download | ngircd-8308c170dbf7f1c998ca0cb3b1ce7d21712a9f08.tar.gz ngircd-8308c170dbf7f1c998ca0cb3b1ce7d21712a9f08.zip | |
Fixed a bug that could case a root exploit when the daemon is compiled
to do IDENT lookups and is logging to syslog. Bug discovered by CoKi, <coki@nosystem.com.ar>, thanks a lot! (http://www.nosystem.com.ar/advisories/advisory-11.txt)
Diffstat (limited to 'src')
| -rw-r--r-- | src/ngircd/log.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/ngircd/log.c b/src/ngircd/log.c index 9af2a447..ec284269 100644 --- a/src/ngircd/log.c +++ b/src/ngircd/log.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: log.c,v 1.49 2005/01/20 00:12:23 alex Exp $"; +static char UNUSED id[] = "$Id: log.c,v 1.50 2005/02/03 09:26:42 alex Exp $"; #include "imp.h" #include <assert.h> @@ -272,7 +272,7 @@ va_dcl fflush( stdout ); } #ifdef SYSLOG - else syslog( Level, msg ); + else syslog( Level, "%s", msg ); #endif } /* Log_Resolver */ |