Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Leap:15.1:Rings:1-MinimalX
udisks2
0001-Fix-string-format-vulnerability.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Fix-string-format-vulnerability.patch of Package udisks2
From e369a9b4b08e9373c814c05328b366c938284eb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kai=20L=C3=BCke?= <kailueke@riseup.net> Date: Tue, 18 Sep 2018 13:12:14 +0200 Subject: [PATCH] Fix string format vulnerability If the message in g_log_structured itself contained format sequences like %d or %n they were applied again, leading to leaked stack contents and possibly memory corruption. It can be triggered e.g. by a volume label containing format sequences. Print the message argument itself into a "%s" string to avoid intepreting format sequences. https://github.com/storaged-project/udisks/issues/578 --- src/udiskslogging.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/udiskslogging.c b/src/udiskslogging.c index ab49fcbf..47a3af23 100644 --- a/src/udiskslogging.c +++ b/src/udiskslogging.c @@ -60,7 +60,7 @@ udisks_log (UDisksLogLevel level, #if GLIB_CHECK_VERSION(2, 50, 0) g_log_structured ("udisks", (GLogLevelFlags) level, - "MESSAGE", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid), + "MESSAGE", "%s", message, "THREAD_ID", "%d", (gint) syscall (SYS_gettid), "CODE_FUNC", function, "CODE_FILE", location); #else g_log ("udisks", level, "[%d]: %s [%s, %s()]", (gint) syscall (SYS_gettid), message, location, function); -- 2.16.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor