Subject: INN: guilty of syslog() format string breakage?
From: Chris Evans (chris ferret.lmh.ox.ac.uk)
Date: Wed Jun 28 2000 - 17:52:21 CDT
Hmm,
Some guru fancy considering if this is exploitable?
Chris
innfeed/misc.c:

static void log (int level, const char *fmt, va_list args)
{
    time_t now = time (NULL) ;
    char timeString [30] ;
    char *p = NULL ;
    int out ;

    strcpy (timeString,ctime (&now)) ;
    timeString [24] = '\0' ;

    fprintf (stderr, "%s %s: ",
             timeString, (program ? program : "UNKNOWN PROGRAM NAME")) ;
    out = vfprintf (stderr, fmt, args) ;
    fprintf (stderr,"\n") ;

    p = malloc (out + 10) ;
    vsprintf (p,fmt,args) ;
    syslog (level,p) ;   <----------------------------------
}
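
Added example, not part of the original post and not INN's own code: a hardened form of the pattern in the flagged line, where the already-expanded message is handed to syslog() as data behind a constant "%s" format. The names expand_message and log_fixed and the sample peer string are hypothetical, constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper: expand fmt/args into a heap buffer sized by a
 * measuring pass. Caller frees. Returns NULL on failure. */
char *expand_message(const char *fmt, va_list args)
{
    va_list copy;
    va_copy(copy, args);              /* a va_list may be walked only once */
    int len = vsnprintf(NULL, 0, fmt, copy);
    va_end(copy);
    if (len < 0)
        return NULL;
    char *p = malloc((size_t)len + 1);
    if (p != NULL)
        vsnprintf(p, (size_t)len + 1, fmt, args);
    return p;
}

/* Hypothetical replacement for log(). Returns 1 if the expanded text still
 * contained '%' (text that syslog(level, p) would parse as a format a
 * second time), 0 if it did not, -1 on failure. */
int log_fixed(int level, const char *fmt, ...)
{
    va_list args;
    va_start(args, fmt);
    char *p = expand_message(fmt, args);
    va_end(args);
    if (p == NULL)
        return -1;
    int had_percent = strchr(p, '%') != NULL;
    syslog(level, "%s", p);           /* expanded text is data, not a format */
    free(p);
    return had_percent;
}

int main(void)
{
    /* Constructed input: a peer-supplied string carrying conversion specs. */
    const char *peer = "news.example.invalid %x%x";
    printf("had_percent=%d\n", log_fixed(LOG_NOTICE, "connect from %s", peer));
    return 0;
}
```

The return value only reports whether the message would have been reinterpreted under the original call; the logging itself is safe either way because the format is a constant.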