From 76a6754bf0d97628f54081e3d83bdc3c690af0fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kai=20L=C3=BCke?= <kailueke@riseup.net>
Date: Tue, 18 Sep 2018 13:12:14 +0200
Subject: [PATCH] Fix string format vulnerability
If the message in g_log_structured itself
contained format sequences like %d or %n they
were applied again, leading to leaked stack contents
and possibly memory corruption. It can be triggered
e.g. by a volume label containing format sequences.
Print the message argument itself into a "%s" string
to avoid intepreting format sequences.
https://github.com/storaged-project/udisks/issues/578
---
src/udiskslogging.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udiskslogging.c b/src/udiskslogging.c
index ab49fcbf..47a3af23 100644
--- a/src/udiskslogging.c
+++ b/src/udiskslogging.c
@@ -60,7 +60,7 @@ udisks_log (UDisksLogLevel level,
#if GLIB_CHECK_VERSION(2, 50, 0)
g_log_structured ("udisks", (GLogLevelFlags) level,
- "MESSAGE", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),
+ "MESSAGE", "%s", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),
"CODE_FUNC", function, "CODE_FILE", location);
#else
g_log ("udisks", level, "[%d]: %s [%s, %s()]", (gint) syscall (SYS_gettid), message, location, function);
--
2.17.1