possible security fix: do not call slilog with intended message as format string

[secnet] / util.c

diff --git a/util.c b/util.c
index a795223..997979a 100644 (file)
--- a/util.c
+++ b/util.c
@@ -198,12 +198,17 @@ bool_t remove_hook(uint32_t phase, hook_fn *fn, void *state)
     return False;
 }
 
-void log(struct log_if *lf, int priority, const char *message, ...)
+void vslilog(struct log_if *lf, int priority, const char *message, va_list ap)
+{
+    lf->vlog(lf->st,priority,message,ap);
+}
+
+void slilog(struct log_if *lf, int priority, const char *message, ...)
 {
     va_list ap;
     
     va_start(ap,message);
-    lf->vlog(lf->st,priority,message,ap);
+    vslilog(lf,priority,message,ap);
     va_end(ap);
 }
 
@@ -335,7 +340,6 @@ static list_t *buffer_apply(closure_t *self, struct cloc loc, dict_t *context,
     return new_closure(&st->cl);
 }
 
-init_module util_module;
 void util_module(dict_t *dict)
 {
     add_closure(dict,"sysbuffer",buffer_apply);