Package: xorp
Version: 1.5-6
Severity: normal
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu jaunty ubuntu-patch
Hi,
In your package there are two places where the value of a single variable
containing a string is printed directly. This can cause crashes, and can
even be a security vulnerability.
The attached patch corrects the two cases in your package; please
consider applying it.
Thanks,
James
--- xorp-1.5.orig/policy/filter_manager.cc
+++ xorp-1.5/policy/filter_manager.cc
@@ -119,7 +119,7 @@
debug_msg("[POLICY] XRL exception: %s\n", e.str().c_str());
error_msg = c_format("XRL policy_backend_cb() error: %s",
e.str().c_str());
- XLOG_ERROR(error_msg.c_str());
+ XLOG_ERROR("%s", error_msg.c_str());
// xorp_throw(FMException, error_msg); // XXX: what else can we do ?
}
}
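Review bot: the changed XLOG_ERROR line in the catch block still goes through an intermediate error_msg that, in the lines visible here, has no consumer other than the logger, because the xorp_throw that would use it is commented out. The "%s" fix is correct as it stands: e.str() is copied into error_msg, so any '%' sequence in the exception text would previously have been interpreted as a conversion by XLOG_ERROR. If error_msg is not read further down in the function, consider logging in one step with XLOG_ERROR("XRL policy_backend_cb() error: %s", e.str().c_str()); and dropping the c_format call, which leaves no non-literal format string to get wrong later. If the throw is ever re-enabled, check that FMException does not treat its message as a format string either.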
only in patch2:
unchanged:
--- xorp-1.5.orig/policy/process_watch.cc
+++ xorp-1.5/policy/process_watch.cc
@@ -40,7 +40,7 @@
if (err != XrlError::OKAY()) {
error_msg = c_format("XRL register_cb() error: %s", err.str().c_str());
- XLOG_ERROR(error_msg.c_str());
+ XLOG_ERROR("%s", error_msg.c_str());
// xorp_throw(PWException, error_msg);
}
}
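Review bot: the XLOG_ERROR change in the err != XrlError::OKAY() branch is the same hand-applied fix as in filter_manager.cc, which suggests the pattern XLOG_ERROR(x.c_str()) can recur elsewhere and be reintroduced. The fix here is right, since err.str() flows into error_msg and was being passed as the format. To keep it fixed, it would be worth confirming that the function behind XLOG_ERROR carries a printf-style format attribute and building with -Wformat -Wformat-security, so that a non-literal format with no arguments is reported by the compiler instead of found by review. A short comment or changelog entry stating that XLOG_* macros take a format string as their first argument would also help.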