diff options
author | kris <kris@FreeBSD.org> | 2001-07-05 08:17:41 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2001-07-05 08:17:41 +0000 |
commit | 62daf61425fb633804f8526484144b1ba9ec5f3d (patch) | |
tree | 890cea6fae2d792156a735daf92c405b7f6c91cb /usr.bin | |
parent | f6fc0970daf5c18ee4284e3ce0d44b46a9902736 (diff) | |
download | FreeBSD-src-62daf61425fb633804f8526484144b1ba9ec5f3d.zip FreeBSD-src-62daf61425fb633804f8526484144b1ba9ec5f3d.tar.gz |
Don't generate syslog() statements which have format string vulnerabilities.
MFC after: 1 week
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/rpcgen/rpc_svcout.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/rpcgen/rpc_svcout.c b/usr.bin/rpcgen/rpc_svcout.c index 86ff5a2..b3eddf5 100644 --- a/usr.bin/rpcgen/rpc_svcout.c +++ b/usr.bin/rpcgen/rpc_svcout.c @@ -769,12 +769,12 @@ write_msg_out(void) f_print(fout, "#ifdef RPC_SVC_FG\n"); if (inetdflag || pmflag) f_print(fout, "\tif (_rpcpmstart)\n"); - f_print(fout, "\t\tsyslog(LOG_ERR, msg);\n"); + f_print(fout, "\t\tsyslog(LOG_ERR, \"%%s\", msg);\n"); f_print(fout, "\telse\n"); f_print(fout, "\t\t(void) fprintf(stderr, \"%%s\\n\", msg);\n"); f_print(fout, "#else\n"); - f_print(fout, "\tsyslog(LOG_ERR, msg);\n"); + f_print(fout, "\tsyslog(LOG_ERR, \"%%s\", msg);\n"); f_print(fout, "#endif\n"); f_print(fout, "}\n"); } |