news@tc.fluke.COM (UNIX Network News) (08/03/88)
From: jeff@tc.fluke.COM (Jeff Stearns)
Path: fluke!jeff
Site: John Fluke Mfg. Co., Inc.
Subject: logger(1) hiccups on % signs
Index: ucb/logger UNIX 4.3BSD
Description:
Logger(1) mishandles messages containing % signs, treating them as
though they were printf(3) conversion specifiers. As a result,
randomly-formatted strings are logged.
Sometimes you can provoke a core dump.
Repeat-By:
logger -t testing -p user.info
here comes a % sign
here come two %% signs
100%flood insurance 18%dairy cows 5%light bulbs
^D
Fix:
Change
syslog(pri, buf);
to
syslog(pri, "%s", buf);
--
Jeff Stearns
Domain: jeff@tc.fluke.COM
Voice: +1 206 356 5064
If you must: {uw-beaver,microsoft,sun}!fluke!jeff
USPS: John Fluke Mfg. Co. / P.O. Box C9090 / Everett WA 98206roy@phri.UUCP (Roy Smith) (08/03/88)
In article <4653@fluke.COM> news@tc.fluke.COM (UNIX Network News) writes: > Change > syslog(pri, buf); > to > syslog(pri, "%s", buf); This should go on the list of "common insidious bugs" and a warning be included in the man page for every printf and printf-like routine. Didn't I see essentially the same fix for bnews a while ago? As I remember, it made entries in a log file by doing printf (article_id) instead of printf ("%s", article_id); and went off the deep end when article ids with %'s in them started showing up (probably from an andrew system). -- Roy Smith, System Administrator Public Health Research Institute {allegra,philabs,cmcl2,rutgers}!phri!roy -or- phri!roy@uunet.uu.net "The connector is the network"