From e5f617598c2db0dd51906a38ecea9208123a8b70 Mon Sep 17 00:00:00 2001
From: kris <kris@FreeBSD.org>
Date: Sun, 13 Aug 2000 05:23:23 +0000
Subject: Fix setproctitle() and syslog() vulnerabilities.

---
 crypto/heimdal/appl/ftp/ftpd/ftpd.c | 6 +++---
 crypto/heimdal/appl/kauth/kauthd.c  | 8 ++++----
 crypto/heimdal/appl/rsh/rshd.c      | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
index 8c5ddf3..21b3e44 100644
--- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c
+++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.c
@@ -775,7 +775,7 @@ int do_login(int code, char *passwd)
 		  "%s: anonymous/%s",
 		  remotehost,
 		  passwd);
-	setproctitle(proctitle);
+	setproctitle("%s", proctitle);
 #endif /* HAVE_SETPROCTITLE */
 	if (logging) {
 	    char data_addr[256];
@@ -795,7 +795,7 @@ int do_login(int code, char *passwd)
 	reply(code, "User %s logged in.", pw->pw_name);
 #ifdef HAVE_SETPROCTITLE
 	snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
-	setproctitle(proctitle);
+	setproctitle("%s", proctitle);
 #endif /* HAVE_SETPROCTITLE */
 	if (logging) {
 	    char data_addr[256];
@@ -1769,7 +1769,7 @@ dolog(struct sockaddr *sa, int len)
 			      NULL, 0, 0);
 #ifdef HAVE_SETPROCTITLE
 	snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
-	setproctitle(proctitle);
+	setproctitle("%s", proctitle);
 #endif /* HAVE_SETPROCTITLE */
 
 	if (logging) {
diff --git a/crypto/heimdal/appl/kauth/kauthd.c b/crypto/heimdal/appl/kauth/kauthd.c
index 520730a..fe0ceb2 100644
--- a/crypto/heimdal/appl/kauth/kauthd.c
+++ b/crypto/heimdal/appl/kauth/kauthd.c
@@ -130,7 +130,7 @@ doit(int sock)
      if( kuserok(&auth, locuser) != 0) {
 	 snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
 		  locuser, krb_unparse_name(&princ));
-	 syslog (LOG_ERR, buf);
+	 syslog (LOG_ERR, "%s", buf);
 	 write_encrypted (sock, buf, strlen(buf), schedule,
 			  &auth.session, &thisaddr, &thataddr);
 	 return 1;
@@ -138,7 +138,7 @@ doit(int sock)
      passwd = k_getpwnam (locuser);
      if (passwd == NULL) {
 	  snprintf (buf, sizeof(buf), "No user '%s'", locuser);
-	  syslog (LOG_ERR, buf);
+	  syslog (LOG_ERR, "%s", buf);
 	  write_encrypted (sock, buf, strlen(buf), schedule,
 			   &auth.session, &thisaddr, &thataddr);
 	  return 1;
@@ -147,7 +147,7 @@ doit(int sock)
 	 initgroups(passwd->pw_name, passwd->pw_gid) ||
 	 setuid(passwd->pw_uid)) {
 	  snprintf (buf, sizeof(buf), "Could not change user");
-	  syslog (LOG_ERR, buf);
+	  syslog (LOG_ERR, "%s", buf);
 	  write_encrypted (sock, buf, strlen(buf), schedule,
 			   &auth.session, &thisaddr, &thataddr);
 	  return 1;
@@ -189,7 +189,7 @@ doit(int sock)
 	  return 0;
      } else {
 	  snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
-	  syslog (LOG_NOTICE, buf);
+	  syslog (LOG_NOTICE, "%s", buf);
 	  write_encrypted (sock, buf, strlen(buf), schedule,
 			   &auth.session, &thisaddr, &thataddr);
 	  return 1;
diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c
index d018856..9bbdf11 100644
--- a/crypto/heimdal/appl/rsh/rshd.c
+++ b/crypto/heimdal/appl/rsh/rshd.c
@@ -85,7 +85,7 @@ fatal (int sock, const char *m, ...)
     va_start(args, m);
     len = vsnprintf (buf + 1, sizeof(buf) - 1, m, args);
     va_end(args);
-    syslog (LOG_ERR, buf + 1);
+    syslog (LOG_ERR, "%s", buf + 1);
     net_write (sock, buf, len + 1);
     exit (1);
 }
-- 
cgit v1.1