On Mon, 14 Jul 2003, Brian Kimball wrote:
>Connecting to bincimap 1.1.8 with mutt with no SSL I get this in my log:
>Client con[11639]: Client connected to Binc IMAP from ?
>allow-plain[11640]: User <bk> entered authenticated mode.
>allow-plain[11640]: Shutting down - bodies:17 statements:8
>PASSWORD[11639]: Error, shutting down: readChar EOF
>PASSWORD[11639]: Input warning, shutting down: in Broker::parse, in expectTag, in 
>expectTagChar, readChar EOF
>PASSWORD[11639]: Shutting down - read:301 wrote:8295
>Of course instead of PASSWORD my actual password is logged.

Here's the patch to fix this problem. "man openlog" says this:

       openlog()  opens  a  connection to the system logger for a
       program.  The string pointed to by _ident_ is  prepended  to
       every  message,  and is typically set to the program name.

Naturally, when a pointer to a temporary character buffer is used here,
after the method exits, _ident_ will point to a point in the stack in
which potentially anything might show up. This patch fixes the problem by
allocating a static string for this job.

I recommend everyone who uses syslog for logging to add this patch, which
is based on 1.1.8.

Andy

--- src/io/io.cc.orig   2003-07-14 23:53:16.000000000 +0200
+++ src/io/io.cc        2003-07-14 23:52:09.000000000 +0200
@@ -159,8 +159,10 @@

//------------------------------------------------------------------------
 void IO::setModeSyslog(const string &servicename, int facility = LOG_DAEMON)
 {
+  static string sname;
+  sname = servicename;
   if (mode != MODE_SYSLOG) {
-    openlog(servicename.c_str(), LOG_PID, facility);
+    openlog(sname.c_str(), LOG_PID, facility);
     mode = MODE_SYSLOG;
   }
 }
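
Review bot: `sname = servicename;` sits above the `if (mode != MODE_SYSLOG)` check, so a second call to setModeSyslog() while the mode is already MODE_SYSLOG reassigns the static string without calling openlog() again. If that assignment reallocates the string's buffer, the ident pointer passed to the earlier openlog() call no longer points at valid storage, which is the same stale-ident condition the patch is meant to remove. Move the assignment inside the if block next to the openlog() call, or call openlog() on every invocation so the ident always refers to the current buffer. A one-line comment on `static string sname;` stating that openlog() keeps the pointer rather than copying the string would also stop a later cleanup from dropping the static.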
