format string bug in nm_info_handler



static void
nm_info_handler (const gchar	*log_domain,
		GLogLevelFlags	 log_level,
		const gchar	*message,
		gboolean 	 is_daemon)
{
...
	syslog (syslog_priority, message);
}

This should read:

	syslog (syslog_priority, "%s", message);

I can't figure out whether this is exploitable.  That would depend on
what kinds of messages an attacker could get passed g_log.

Ian.
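
An added example, not part of the original message or the project's code: a small audit helper that counts how many arguments a log message would make a printf-style function fetch if it were passed as the format, next to a wrapper that uses the corrected `"%s"` call. The names `count_arg_directives` and `log_message_safely` are hypothetical, and the sample messages are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical audit helper: count the directives in msg that would make a
 * printf-style function fetch an argument if msg were used as the format.
 * "%%" is a literal percent and fetches nothing. POSIX positional forms
 * such as "%1$s" are not handled. */
size_t count_arg_directives(const char *msg)
{
	size_t n = 0;
	const char *p = msg;

	while ((p = strchr(p, '%')) != NULL) {
		p++;                                  /* step past '%' */
		if (*p == '%') { p++; continue; }     /* "%%": literal percent */
		p += strspn(p, "-+ #0'");             /* flags */
		if (*p == '*') { n++; p++; }          /* width read from an argument */
		else p += strspn(p, "0123456789");
		if (*p == '.') {
			p++;
			if (*p == '*') { n++; p++; }  /* precision read from an argument */
			else p += strspn(p, "0123456789");
		}
		p += strspn(p, "hlLqjzt");            /* length modifiers */
		if (*p != '\0' && strchr("diouxXeEfFgGaAcspn", *p)) { n++; p++; }
	}
	return n;
}

/* Hypothetical wrapper with the corrected call: message is only data. */
void log_message_safely(int syslog_priority, const char *message)
{
	syslog(syslog_priority, "%s", message);
}

int main(void)
{
	/* Constructed sample messages, not taken from any real log. */
	const char *samples[] = { "wlan0: link up", "100%% done", "ssid %s%n", "%*.*f" };

	for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
		printf("%-16s -> %zu argument(s) expected\n", samples[i],
		       count_arg_directives(samples[i]));
	log_message_safely(LOG_INFO, samples[2]);     /* logged verbatim */
	return 0;
}
```

Any message for which the helper returns a non-zero count would have caused the original `syslog (syslog_priority, message)` call to read arguments that were never supplied.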


