Format string bug in parselog.pl
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| samba (Ubuntu) |
Confirmed
|
High
|
Unassigned | ||
Bug Description
Binary package hint: samba-doc
samba-doc/
test case :
emanuel@amd64 /tmp>>echo '1 1 1 %n' | perl /usr/share/
Modification of a read-only value attempted at /usr/share/
emanuel@amd64 /tmp>>echo '1 1 1 1 %n' | perl /usr/share/
Modification of a read-only value attempted at /usr/share/
the bug can be found at :
$outstr = sprintf "TMG: %d\nTMW: %d\nEID: 1000\nETP: INFO\nECT: 0\nRS2: 0\nCRN: 0\nUSL: 0\nSRC: Syslog\nSRN: $cname\nSTR: $ln\nDAT:
fix : use %s to $cname and $ln .
$outstr = sprintf "TMG: %d\nTMW: %d\nEID: 1000\nETP: INFO\nECT: 0\nRS2: 0\nCRN: 0\nUSL: 0\nSRC: Syslog\nSRN: %s\nSTR: %s\nDAT:
| security vulnerability: | no → yes |
| Serge Hallyn (serge-hallyn) wrote | #1 |
| Changed in samba (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → High |
Thanks for taking the time to submit this bug report and helping to make Ubuntu better.
I can reproduce this in oneiric, as well as confirm that your proposed fix works.
---
Ubuntu Bug Squad volunteer triager
http://