http://bugzilla.novell.com/show_bug.cgi?id=590967
http://bugzilla.novell.com/show_bug.cgi?id=590967#c16 Jonathan Pryor <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #16 from Jonathan Pryor <[email protected]> 2010-04-09 13:47:15 UTC --- I'll freely admit to not understanding half these comments... But with respect to the patch in Comment #13, the patch is wrong, for two reasons: 1. syslog(3) documents that "the two character sequence %m will be replaced by the error message string strerror(errno)." With the above patch, syslog(3) will never see the %m, and thus users won't be able to use this documented behavior. 2. The Mono.Unix.Native.Syscall.syslog(...,string) overloads go to great efforts to ensure that only valid data is passed to syslog(3). For example: public static int syslog (SyslogLevel level, string message) { int _level = NativeConvert.FromSyslogLevel (level); return sys_syslog (_level, GetSyslogMessage (message)); } private static string GetSyslogMessage (string message) { return UnixMarshal.EscapeFormatString (message, new char[]{'m'}); } UnixMarshal.EscapeFormatString(), in turn, will only allow "%m" through unchanged. Anything else (like "%s") will be escape the '%' (e.g. with "%%s"). The exception to this are the syslog(..., params object[]) overloads, e.g.: [Obsolete ("Not necessarily portable due to cdecl restrictions.\n" + "Use syslog(SyslogLevel, string) instead.")] public static int syslog (SyslogLevel level, string format, params object[] parameters) { int _level = NativeConvert.FromSyslogLevel (level); object[] _parameters = new object[checked(parameters.Length+2)]; _parameters [0] = _level; _parameters [1] = format; Array.Copy (parameters, 0, _parameters, 2, parameters.Length); return (int) XPrintfFunctions.syslog (_parameters); } This invokes Mono_Posix_Syscall_syslog2(), which is a varargs wrapper for vsyslog(3) (and thus is expected to get additional arguments on the stack). If the developer screws this up, it's their problem. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug. _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
