possible security fix: do not call slilog with intended message as format string

[secnet] / log.c

diff --git a/log.c b/log.c
index 16ed60a..837ed55 100644 (file)
--- a/log.c
+++ b/log.c
@@ -29,7 +29,7 @@ static void vMessage(uint32_t class, const char *message, va_list args)
        /* Each line is sent separately */
        while ((nlp=strchr(buff,'\n'))) {
            *nlp=0;
-           slilog(system_log,class,buff);
+           slilog(system_log,class,"%s",buff);
            memmove(buff,nlp+1,strlen(nlp+1)+1);
        }
     } else {
@@ -555,7 +555,6 @@ void log_from_fd(int fd, cstring_t prefix, struct log_if *log)
                      prefix);
 }
 
-init_module log_module;
 void log_module(dict_t *dict)
 {
     add_closure(dict,"logfile",logfile_apply);