frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

LogFilePrep: add a comment to the unsafe format string. 

CVE-2018-14665 also made it possible to exploit this to access
memory. With -logfile forbidden when running with elevated privileges
this is no longer an issue.

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Adam Jackson <ajax@redhat.com>
This commit is contained in:
Matthieu Herrb 2018-10-23 21:29:09 +02:00 committed by Adam Jackson
parent 50c0cf885a
commit 248d164eae
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
os/log.c
View File

@ -194,6 +194,8 @@ LogFilePrep(const char *fname, const char *backup, const char *idstring)
{ {
char *logFileName = NULL; char *logFileName = NULL;
/* the format string below is controlled by the user,
this code should never be called with elevated privileges */
if (asprintf(&logFileName, fname, idstring) == -1) if (asprintf(&logFileName, fname, idstring) == -1)
FatalError("Cannot allocate space for the log file name\n"); FatalError("Cannot allocate space for the log file name\n");