LogFilePrep: add a comment to the unsafe format string.
CVE-2018-14665 also made it possible to exploit this to access
memory. With -logfile forbidden when running with elevated privileges
this is no longer an issue.
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit 248d164eae)
parent 8a59e3b7db
commit da15c74139
2
os/log.c
|
@ -194,6 +194,8 @@ LogFilePrep(const char *fname, const char *backup, const char *idstring)
|
|||
{
|
||||
char *logFileName = NULL;
|
||||
|
||||
/* the format string below is controlled by the user,
|
||||
this code should never be called with elevated privileges */
|
||||
if (asprintf(&logFileName, fname, idstring) == -1)
|
||||
FatalError("Cannot allocate space for the log file name\n");
|
||||
|
||||
|
|
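Review bot: the new comment above `asprintf(&logFileName, fname, idstring)` states an invariant ("never be called with elevated privileges") that nothing in LogFilePrep checks, so the safety of the user-controlled format string depends entirely on callers and on the -logfile restriction mentioned in the commit message. Consider enforcing it where the risk is: reject any `fname` that contains a conversion other than a single `%s` before it reaches asprintf, or build the name by substituting `idstring` into `fname` without using `fname` as a format at all. If the comment stays as the only guard, it should name where elevated-privilege callers are actually rejected, so a later change to that check is not made without revisiting this call.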