author | kris <kris@FreeBSD.org> | 2000-08-13 05:23:23 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-08-13 05:23:23 +0000 |
commit | e5f617598c2db0dd51906a38ecea9208123a8b70 (patch) | |
tree | b33e7d4eb24152fb855b36716c3a0f4d1a7d417f /crypto | |
parent | 5ed96cd5daa48af752db4781418f32f9258cce94 (diff) | |
Fix setproctitle() and syslog() vulnerabilities.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/heimdal/appl/ftp/ftpd/ftpd.c | 6 | ||||
-rw-r--r-- | crypto/heimdal/appl/kauth/kauthd.c | 8 | ||||
-rw-r--r-- | crypto/heimdal/appl/rsh/rshd.c | 2 |
3 files changed, 8 insertions, 8 deletions
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c index 8c5ddf3..21b3e44 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.c @@ -775,7 +775,7 @@ int do_login(int code, char *passwd) "%s: anonymous/%s", remotehost, passwd); - setproctitle(proctitle); + setproctitle("%s", proctitle); #endif /* HAVE_SETPROCTITLE */ if (logging) { char data_addr[256]; @@ -795,7 +795,7 @@ int do_login(int code, char *passwd) reply(code, "User %s logged in.", pw->pw_name); #ifdef HAVE_SETPROCTITLE snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name); - setproctitle(proctitle); + setproctitle("%s", proctitle); #endif /* HAVE_SETPROCTITLE */ if (logging) { char data_addr[256]; @@ -1769,7 +1769,7 @@ dolog(struct sockaddr *sa, int len) NULL, 0, 0); #ifdef HAVE_SETPROCTITLE snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost); - setproctitle(proctitle); + setproctitle("%s", proctitle); #endif /* HAVE_SETPROCTITLE */ if (logging) { diff --git a/crypto/heimdal/appl/kauth/kauthd.c b/crypto/heimdal/appl/kauth/kauthd.c index 520730a..fe0ceb2 100644 --- a/crypto/heimdal/appl/kauth/kauthd.c +++ b/crypto/heimdal/appl/kauth/kauthd.c @@ -130,7 +130,7 @@ doit(int sock) if( kuserok(&auth, locuser) != 0) { snprintf(buf, sizeof(buf), "%s cannot get tickets for %s", locuser, krb_unparse_name(&princ)); - syslog (LOG_ERR, buf); + syslog (LOG_ERR, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; @@ -138,7 +138,7 @@ doit(int sock) passwd = k_getpwnam (locuser); if (passwd == NULL) { snprintf (buf, sizeof(buf), "No user '%s'", locuser); - syslog (LOG_ERR, buf); + syslog (LOG_ERR, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; 
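Review bot: In the anonymous branch of do_login() (first ftpd.c hunk), `passwd` is whatever the client typed at the password prompt, and although `"%s"` stops it being parsed as a format, it still lands verbatim in the process title, where local users can read it with ps. Nothing visible in the hunk filters non-printable bytes out of it. I would document this at the call, e.g. `/* passwd is client-supplied and shows up in ps output; treat it as data, never as a format */`, and consider replacing non-printable characters before the snprintf(). The same applies to `remotehost` and `pw->pw_name` in the second do_login() hunk and in dolog(); both functions start and end outside these hunks.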
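Review bot: In doit() (first kauthd.c hunk), `buf` is built from `locuser` and `krb_unparse_name(&princ)` and logged as-is, so `"%s"` ends format interpretation but embedded newlines or control characters still reach the log. This matters if `locuser` comes from the peer, as it appears to; its origin is outside the hunk, and whether it can produce misleading log lines depends on the syslogd in use. Where strvis(3) is available, encoding into a separate buffer of at least `4 * sizeof(buf) + 1` bytes keeps the entry unambiguous: `strvis(logbuf, buf, VIS_SAFE); syslog (LOG_ERR, "%s", logbuf);`. The copy sent by write_encrypted() can stay unchanged. The `No user '%s'` hunk that follows has the same issue.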
@@ -147,7 +147,7 @@ doit(int sock) initgroups(passwd->pw_name, passwd->pw_gid) || setuid(passwd->pw_uid)) { snprintf (buf, sizeof(buf), "Could not change user"); - syslog (LOG_ERR, buf); + syslog (LOG_ERR, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; @@ -189,7 +189,7 @@ doit(int sock) return 0; } else { snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status)); - syslog (LOG_NOTICE, buf); + syslog (LOG_NOTICE, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c index d018856..9bbdf11 100644 --- a/crypto/heimdal/appl/rsh/rshd.c +++ b/crypto/heimdal/appl/rsh/rshd.c @@ -85,7 +85,7 @@ fatal (int sock, const char *m, ...) va_start(args, m); len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args); va_end(args); - syslog (LOG_ERR, buf + 1); + syslog (LOG_ERR, "%s", buf + 1); net_write (sock, buf, len + 1); exit (1); } |
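Review bot: In fatal() (rshd.c hunk), the value returned by vsnprintf() goes straight into `net_write (sock, buf, len + 1)`, and this commit leaves that untouched. With a C99-style vsnprintf() the return value is the length the message would have had, so a message longer than the buffer makes net_write() read past the end of `buf` and send the bytes that follow it to the peer; a negative return is not handled either. Clamp before the write: `if (len < 0) len = 0;` and `if ((size_t)len > sizeof(buf) - 2) len = sizeof(buf) - 2;`. The declarations of `buf` and `len` and the start of fatal() are outside the hunk, so the type of `len` should be confirmed against them.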