- patches from debian

[packages/xrdp.git] / format-security.patch

diff --git a/format-security.patch b/format-security.patch
index f8a1d66733f8de6c1f70d60b5c518880c61356a2..5dea14773ad296dc601e144ab579ad4fe1a1b68e 100644 (file)
--- a/format-security.patch
+++ b/format-security.patch
@@ -1,6 +1,10 @@
---- xrdp-v0.6.1/common/log.c~  2013-11-09 21:11:15.000000000 +0100
-+++ xrdp-v0.6.1/common/log.c   2013-12-07 18:38:21.836315352 +0100
-@@ -160,7 +160,7 @@
+Fix a potential security problem if the message log contained "%".
+
+diff --git a/common/log.c b/common/log.c
+index 7bbdfc0..4ed2adf 100644
+--- a/common/log.c
++++ b/common/log.c
+@@ -160,13 +160,13 @@ log_message(struct log_config* l_cfg, const unsigned int lvl, const char* msg, .
    if (l_cfg->enable_syslog  && (lvl <= l_cfg->log_level))
    {
      /* log to syslog */
@@ -9,3 +13,10 @@
    }
  
    if (lvl <= l_cfg->log_level)
+   {
+     /* log to console */
+-    g_printf((char*)buff);
++    g_printf("%s", (char*)buff);
+ 
+     /* log to application logfile */
+ #ifdef LOG_ENABLE_THREAD