scsh-hackers
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Scsh-hackers] [ scsh-Bugs-745444 ] syslog does not escape percent signs

from [SourceForge.net] [Bookmark Link][Original]
To: noreply@sourceforge.net
Subject: [Scsh-hackers] [ scsh-Bugs-745444 ] syslog does not escape percent signs
From: "SourceForge.net" <noreply@sourceforge.net>
Date: Fri Jun 6 22:37:02 2003
List-id: Discussion among the implementors <scsh-hackers.lists.sourceforge.net>
Sender: scsh-hackers-admin@lists.sourceforge.net 
Bugs item #745444, was opened at 2003-05-29 20:28
Message generated for change (Comment added) made by tjaden
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=110493&aid=745444&group_id=10493

Category: run-time
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Andreas Bernauer (interp)
Assigned to: Nobody/Anonymous (nobody)
Summary: syslog does not escape percent signs

Initial Comment:
----- Forwarded message from Peter Wang <tjaden@alphalink.com.
au> -----
(posted to scsh-news)
Hello, I'm not sure what to make of this.  scsh segfaults if I ask the
SUnet web server for particularly-named files.

Here's the output from the server:

  # ./start-web-server -h /var/www -c /var/www/cgi-bin -p 8000 -l 
/var/log/httpd.log
[...]
   syslogging activated.
  zsh: segmentation fault  ./start-web-server-via-image -h /var/www -c 
/var/www/cgi-bin -p 8000 -l 

Here's the request:

  $ wget 'http://localhost:8000/1 Last Show'
  --02:24:04--  http://localhost:8000/1%20Last%20Show
             => `1%20Last%20Show'
[...]
----- End forwarded message -----

I tracked this error down to the syslog facility. The problem is that
the syslog function seems not to escape the percent signs in the
syslog message. According to the man page the syslog message 
string is formatted like a printf(3) string. On my Linux system the string
`1%20Last%20Show' contains a pointer to an array that is of course 
not present and thus causes a segfault while calling syslog(3).

A solution may be to escape the message string before sending it 
through the FFI (e.g. in scsh/syslog.scm)

The attached file contains a small scsh script that causes the scshvm 
to segfault on both Linux and FreeBSD.

----------------------------------------------------------------------

Comment By: Peter Wang (tjaden)
Date: 2003-06-07 15:36

Message:
Logged In: YES 
user_id=28616

Just tell syslog(3) "%s" then?  I can't find a way to attach
here, so I'll just paste the patch (it's trivial anyway).

--- syslog1.c.old       Thu Mar  6 04:36:12 2003
+++ syslog1.c   Fri Jun  6 23:14:38 2003
@@ -367,7 +367,7 @@
 
   if (!syslog_open)
     s48_raise_string_os_error("syslog isn't open");
-  syslog(facility | level, s48_extract_string (sch_message));
+  syslog(facility | level, "%s", s48_extract_string
(sch_message));
   return S48_UNSPECIFIC;
 }
 


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=110493&aid=745444&group_id=10493
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  [Scsh-hackers] [ scsh-Bugs-750586 ] Regexp documentation corrections, SourceForge.net
Next by Thread:  [Scsh-hackers] [ scsh-Bugs-745444 ] syslog does not escape percent signs, SourceForge.net
Indexes:  [Date] [Thread] [Top] [All Lists]