diff options
author | kris <kris@FreeBSD.org> | 2000-08-13 05:23:23 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-08-13 05:23:23 +0000 |
commit | e5f617598c2db0dd51906a38ecea9208123a8b70 (patch) | |
tree | b33e7d4eb24152fb855b36716c3a0f4d1a7d417f /crypto/heimdal/appl/kauth | |
parent | 5ed96cd5daa48af752db4781418f32f9258cce94 (diff) | |
download | FreeBSD-src-e5f617598c2db0dd51906a38ecea9208123a8b70.zip FreeBSD-src-e5f617598c2db0dd51906a38ecea9208123a8b70.tar.gz |
Fix setproctitle() and syslog() vulnerabilities.
Diffstat (limited to 'crypto/heimdal/appl/kauth')
-rw-r--r-- | crypto/heimdal/appl/kauth/kauthd.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/heimdal/appl/kauth/kauthd.c b/crypto/heimdal/appl/kauth/kauthd.c index 520730a..fe0ceb2 100644 --- a/crypto/heimdal/appl/kauth/kauthd.c +++ b/crypto/heimdal/appl/kauth/kauthd.c @@ -130,7 +130,7 @@ doit(int sock) if( kuserok(&auth, locuser) != 0) { snprintf(buf, sizeof(buf), "%s cannot get tickets for %s", locuser, krb_unparse_name(&princ)); - syslog (LOG_ERR, buf); + syslog (LOG_ERR, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; @@ -138,7 +138,7 @@ doit(int sock) passwd = k_getpwnam (locuser); if (passwd == NULL) { snprintf (buf, sizeof(buf), "No user '%s'", locuser); - syslog (LOG_ERR, buf); + syslog (LOG_ERR, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; @@ -147,7 +147,7 @@ doit(int sock) initgroups(passwd->pw_name, passwd->pw_gid) || setuid(passwd->pw_uid)) { snprintf (buf, sizeof(buf), "Could not change user"); - syslog (LOG_ERR, buf); + syslog (LOG_ERR, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; @@ -189,7 +189,7 @@ doit(int sock) return 0; } else { snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status)); - syslog (LOG_NOTICE, buf); + syslog (LOG_NOTICE, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; |