Fixed a bug that could case a root exploit when the daemon is compiled

to do IDENT lookups and is logging to syslog. Bug discovered by CoKi,
<coki@nosystem.com.ar>, thanks a lot!
(http://www.nosystem.com.ar/advisories/advisory-11.txt)

diff --git a/ChangeLog b/ChangeLog
index 98970049a415681af9b76df558745e821560395f..340ae6bfefdc7545d5dfb95fe580502abbe8fe7b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,10 @@
 
 ngIRCd CVSHEAD
 
+  - Fixed a bug that could case a root exploit when the daemon is compiled
+    to do IDENT lookups and is logging to syslog. Bug discovered by CoKi,
+    <coki@nosystem.com.ar>, thanks a lot!
+    (http://www.nosystem.com.ar/advisories/advisory-11.txt)
   - Code cleanups from Florian Westphal, <westphal@foo.fh-furtwangen.de>.
   - Raised the maximum length of passwords to 20 characters.
   - Fixed a memory leak when resizing the connection pool and realloc()
@@ -28,7 +32,7 @@ ngIRCd CVSHEAD
     should enable the system to write proper core files when not running with
     root privileges ...
 
-ngircd 0.8.2 (2005-01-26)
+ngIRCd 0.8.2 (2005-01-26)
 
   - Added doc/SSL.txt to distribution.
   - Fixed a buffer overflow that could cause the daemon to crash. Bug found
@@ -572,4 +576,4 @@ ngIRCd 0.0.1, 31.12.2001
 
 
 -- 
-$Id: ChangeLog,v 1.256 2005/02/03 09:11:43 alex Exp $
+$Id: ChangeLog,v 1.257 2005/02/03 09:26:42 alex Exp $

diff --git a/src/ngircd/log.c b/src/ngircd/log.c
index 9af2a447ea72a5b5d3f3185f271dfd10b420a654..ec284269cdbbe8870135cde6b0afbf3234c3d0a3 100644 (file)
--- a/src/ngircd/log.c
+++ b/src/ngircd/log.c
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: log.c,v 1.49 2005/01/20 00:12:23 alex Exp $";
+static char UNUSED id[] = "$Id: log.c,v 1.50 2005/02/03 09:26:42 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -272,7 +272,7 @@ va_dcl
                fflush( stdout );
        }
 #ifdef SYSLOG
-       else syslog( Level, msg );
+       else syslog( Level, "%s", msg );
 #endif
 } /* Log_Resolver */