[Ntop-dev] ntop - format string bug in traceEvent
Peter Suschlik
ntop-dev@unipi.it
Thu, 28 Feb 2002 12:46:14 +0100
Hi,
while playing around with ntop and its web interface I discovered a
format string bug using .../switch?interface=<interface>.
I got segfaults when the interface parameter was set to %s.
This happens in the traceEvent() function using printf() and syslog().
Patch is attached.
BTW: Switching interfaces does not work for me although I specified 2
interfaces. The "result" page says that the NIC was switched but it
wasn't.
ntop-Version: ntop v.2.0.0 MT (SSL) [i386-unknown-freebsd4.4] (02/27/02 10:29:41 PM build)
Regards
Peter Suschlik (peter@zilium.de)
P.S.: I've already emailed the author directly 'cause I'm not on this
mailing list. Sorry.
--- util.c.orig Wed Feb 27 22:40:11 2002
+++ util.c Wed Feb 27 22:41:51 2002
@@ -2170,7 +2170,7 @@
#endif
if(!useSyslog) {
- printf(buf);
+ printf("%s", buf);
if(format[strlen(format)-1] != '\n')
printf("\n");
}
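Review bot: the context line `if(format[strlen(format)-1] != '\n')` directly under the changed printf reads out of bounds when format is an empty string, since strlen(format)-1 wraps around; guard it with a length check before indexing. It also tests format rather than buf, which is the string actually printed, so checking the last byte of buf would match the output more closely. The printf("%s", buf) change itself is the right fix for this sink.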
@@ -2179,20 +2179,20 @@
#if 0
switch(traceLevel) {
case 0:
- syslog(LOG_ERR, buf);
+ syslog(LOG_ERR, "%s", buf);
break;
case 1:
- syslog(LOG_WARNING, buf);
+ syslog(LOG_WARNING, "%s", buf);
break;
case 2:
- syslog(LOG_NOTICE, buf);
+ syslog(LOG_NOTICE, "%s", buf);
break;
default:
- syslog(LOG_INFO, buf);
+ syslog(LOG_INFO, "%s", buf);
break;
}
#else
- syslog(LOG_ERR, buf);
+ syslog(LOG_ERR, "%s", buf);
#endif
}
#endif
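Review bot: the constant "%s" format is now repeated at five syslog() call sites, four of which sit inside the `#if 0` block and are never compiled, so only the LOG_ERR call in the `#else` branch has any effect. Consider mapping traceLevel to a priority variable and issuing a single syslog(priority, "%s", buf) call, so the format string lives in one place and a later edit cannot reintroduce syslog(level, buf) in one of the cases. As written, the live branch also logs every message at LOG_ERR regardless of traceLevel, which deserves a comment if it is intentional.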