From owner-freebsd-bugs  Tue Jul 25  0:40: 4 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id C122237B9BC
	for <freebsd-bugs@FreeBSD.org>; Tue, 25 Jul 2000 00:40:02 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id AAA90973;
	Tue, 25 Jul 2000 00:40:02 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Tue, 25 Jul 2000 00:40:02 -0700 (PDT)
Message-Id: <200007250740.AAA90973@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Peter Pentchev <roam@orbitel.bg>
Subject: Re: bin/20054: ftpd: rotating _PATH_FTPDSTATFILE losts xferlog
Reply-To: Peter Pentchev <roam@orbitel.bg>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/20054; it has been noted by GNATS.

From: Peter Pentchev <roam@orbitel.bg>
To: Makoto MATSUSHITA <matusita@jp.freebsd.org>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/20054: ftpd: rotating _PATH_FTPDSTATFILE losts xferlog
Date: Tue, 25 Jul 2000 10:35:44 +0300

 On Mon, Jul 24, 2000 at 10:20:04PM -0700, Makoto MATSUSHITA wrote:
 [snip]
 >  ! 		if (statssyslog)
 >  ! 			syslog(LOG_INFO, buf);
 
 I'd suggest syslog(LOG_INFO, "%s", buf) - no need to create yet
 another potential format-string vulnerability ;)
 
 G'luck,
 Peter Pentchev
 
 -- 
 If this sentence didn't exist, somebody would have invented it.
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message