[360] in linux-security and linux-alert archive
Re: syslog(2), libc-4.7.4: Versions confuse me.
daemon@ATHENA.MIT.EDU (Cy Schubert)
Tue Sep 12 16:36:16 1995
Reply-to: cy-schubert@uumail.gov.bc.ca
To: Jakob Schiotz <schiotz@nils.wustl.edu>
cc: linux-security@tarsier.cv.nrao.edu, cy@passer.osg.gov.bc.ca
In-reply-to: Your message of "Mon, 11 Sep 1995 10:48:47 CDT."
<199509111548.KAA27666@nils.wustl.edu>
Date: Tue, 12 Sep 1995 07:20:21 -0700
From: Cy Schubert <cy@uumail.gov.bc.ca>
[mod: quoting trimmed. --okir]
> Hi Security Gurus!
>
> I am trying to defuse the syslog(2) bomb by installing libc version
> 4.7.4 as recently posted here, but I made the mistake of reading the
> documentation... :-)
>
I did too and decided to customize the installation instead. Since
I work as a S/A and get called at all hours of the night, I need my
PC to dial in to work at a moments notice to fix any problems (it
beats the 1/2 drive in to work to fix). My solution was to retrofit
the patch back to libc 4.6.27 until I decide to purchase an upgraded
version of the Slackware CD. It's been running on my system since
01 Sept. Prior to installing the patch the test program would abort
with a segmentation violation, now it works.
Following is my retrofitted patch for anyone who wishes to continue
using libc 4.6.27
--- syslog.c~ Tue Aug 29 22:14:25 1995
+++ syslog.c Tue Aug 29 22:14:25 1995
@@ -133,19 +133,20 @@
if (LogTag) {
*p++ = ':';
*p++ = ' ';
}
/* Substitute error message for %m. */
{
- register char ch, *t1, *t2;
+ register char ch, *t1;
char *strerror();
- for (t1 = fmt_cpy; ch = *fmt; ++fmt)
+ for (t1 = fmt_cpy; (ch = *fmt) != '\0' && t1<fmt_cpy+sizeof(fmt_cpy); ++fmt)
if (ch == '%' && fmt[1] == 'm') {
++fmt;
- t1 += sprintf(t1, "%s", strerror(saved_errno));
+ t1 += snprintf(t1, sizeof(fmt_cpy)-(t1-fmt_cpy),
+ "%s", strerror(saved_errno));
}
else
*t1++ = ch;
*t1 = '\0';
}
If anyone cannot remember the test program that was posted, here it
is.
#include <stdio.h>
#include <syslog.h>
static char x[6]= {'H','E','L','L','O',0};
void main()
{
char buf[4096];
int ct;
for(ct=0;ct<4095;ct++)
buf[ct]='X';
openlog("testprog",LOG_PID, LOG_AUTHPRIV);
printf("Check snprintf\n");
snprintf(x,3,buf);
if(x[4]!='O')
fprintf(stderr,"snprintf is broken\n");
printf("Testing syslog\n");
syslog(LOG_ERR|LOG_USER,buf);
closelog();
}
I hope this helps.
Regards, Phone: (604)389-3827
Cy Schubert OV/VM: BCSC02(CSCHUBER)
Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET
BC Systems Corp. Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
"Quit spooling around, JES do it."
