X-Git-Url: https://git.tld-linux.org/?p=packages%2Fxrdp.git;a=blobdiff_plain;f=format-security.patch;fp=format-security.patch;h=5dea14773ad296dc601e144ab579ad4fe1a1b68e;hp=f8a1d66733f8de6c1f70d60b5c518880c61356a2;hb=ff65cdbbd6ea4ce34c1381ea3c6d5da88db8ac35;hpb=64b912db915190fd50443dd67f200ccebd2a683d

diff --git a/format-security.patch b/format-security.patch
index f8a1d66..5dea147 100644
--- a/format-security.patch
+++ b/format-security.patch
@@ -1,6 +1,10 @@
---- xrdp-v0.6.1/common/log.c~	2013-11-09 21:11:15.000000000 +0100
-+++ xrdp-v0.6.1/common/log.c	2013-12-07 18:38:21.836315352 +0100
-@@ -160,7 +160,7 @@
+Fix a potential security problem if the message log contained "%".
+
+diff --git a/common/log.c b/common/log.c
+index 7bbdfc0..4ed2adf 100644
+--- a/common/log.c
++++ b/common/log.c
+@@ -160,13 +160,13 @@ log_message(struct log_config* l_cfg, const unsigned int lvl, const char* msg, .
    if (l_cfg->enable_syslog  && (lvl <= l_cfg->log_level))
    {
      /* log to syslog */
@@ -9,3 +13,10 @@
    }
  
    if (lvl <= l_cfg->log_level)
+   {
+     /* log to console */
+-    g_printf((char*)buff);
++    g_printf("%s", (char*)buff);
+ 
+     /* log to application logfile */
+ #ifdef LOG_ENABLE_THREAD