|
 |
eb981d |
From e369a9b4b08e9373c814c05328b366c938284eb5 Mon Sep 17 00:00:00 2001
|
|
|
eb981d |
From: =?UTF-8?q?Kai=20L=C3=BCke?= <kailueke@riseup.net>
|
|
|
eb981d |
Date: Tue, 18 Sep 2018 13:12:14 +0200
|
|
|
eb981d |
Subject: [PATCH] Fix string format vulnerability
|
|
|
eb981d |
|
|
|
eb981d |
If the message in g_log_structured itself
|
|
|
eb981d |
contained format sequences like %d or %n they
|
|
|
eb981d |
were applied again, leading to leaked stack contents
|
|
|
eb981d |
and possibly memory corruption. It can be triggered
|
|
|
eb981d |
e.g. by a volume label containing format sequences.
|
|
|
eb981d |
|
|
|
eb981d |
Print the message argument itself into a "%s" string
|
|
|
eb981d |
to avoid intepreting format sequences.
|
|
|
eb981d |
|
|
|
eb981d |
https://github.com/storaged-project/udisks/issues/578
|
|
|
eb981d |
---
|
|
|
eb981d |
src/udiskslogging.c | 2 +-
|
|
|
eb981d |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
eb981d |
|
|
|
eb981d |
diff --git a/src/udiskslogging.c b/src/udiskslogging.c
|
|
|
eb981d |
index ab49fcbf4..47a3af23a 100644
|
|
|
eb981d |
--- a/src/udiskslogging.c
|
|
|
eb981d |
+++ b/src/udiskslogging.c
|
|
|
eb981d |
@@ -60,7 +60,7 @@ udisks_log (UDisksLogLevel level,
|
|
|
eb981d |
|
|
|
eb981d |
#if GLIB_CHECK_VERSION(2, 50, 0)
|
|
|
eb981d |
g_log_structured ("udisks", (GLogLevelFlags) level,
|
|
|
eb981d |
- "MESSAGE", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),
|
|
|
eb981d |
+ "MESSAGE", "%s", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid),
|
|
|
eb981d |
"CODE_FUNC", function, "CODE_FILE", location);
|
|
|
eb981d |
#else
|
|
|
eb981d |
g_log ("udisks", level, "[%d]: %s [%s, %s()]", (gint) syscall (SYS_gettid), message, location, function);
|