LogWriter output methods are at times called with just a single argument, which LogWriter always treats as an sprintf format string, but which is not always meant to be such. I have seen this in a few catch blocks which involve logging of the preformatted diagnostic messages provided by the exceptions. This induces a risk of vulnerability due to misdetection of format specifiers. The patch provides safe overloads for the single argument case.

Regards,
Jochen

Attachment: LogWriter.patch
Description: Binary data
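
The single-argument problem described in the message above, as an added example that is not part of the original post or the attached patch. `MiniLog`, its method names and the sample messages are hypothetical stand-ins for a printf-style logger, constructed for illustration.

```cpp
// Added example: MiniLog is a hypothetical stand-in, not TigerVNC's LogWriter.
#include <cstdarg>
#include <cstdio>
#include <stdexcept>
#include <string>

class MiniLog {
public:
    // printf-style entry point: the first argument is always parsed as a format.
    void errorf(const char* fmt, ...) {
        char buf[256];
        va_list ap;
        va_start(ap, fmt);
        std::vsnprintf(buf, sizeof buf, fmt, ap);
        va_end(ap);
        last_ = buf;
    }
    // Single-argument entry point: the text is data and only ever reaches the
    // formatter as the argument of a constant "%s".
    void error(const char* msg) { errorf("%s", msg); }
    const std::string& last() const { return last_; }
private:
    std::string last_;
};

// Constructed message. "%%" is the only conversion that is defined when no
// arguments are passed; any other specifier would read arguments that do not exist.
static const char kMsg[] = "quota at 100%% of limit";

std::string log_as_format(const char* preformatted) {
    MiniLog log;
    log.errorf(preformatted);   // risky pattern: message used as the format
    return log.last();
}

std::string log_as_literal(const char* preformatted) {
    MiniLog log;
    log.error(preformatted);    // safe pattern: message logged verbatim
    return log.last();
}

// The catch-block case from the message: e.what() is already formatted text.
std::string log_exception(const std::exception& e) { return log_as_literal(e.what()); }

int main() {
    std::printf("as format : %s\n", log_as_format(kMsg).c_str());
    std::printf("as literal: %s\n", log_as_literal(kMsg).c_str());
    std::runtime_error e("bad token %s%n in request");  // constructed
    std::printf("exception : %s\n", log_exception(e).c_str());
    return 0;
}
```

When a logging function carries the GCC/Clang `format(printf, ...)` attribute, `-Wformat-security` reports calls that pass a non-literal format string with no further arguments, which is a quick way to find the affected call sites.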

_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
