From 5dc585dac5bd416899c586e70fcfd8e1b90b0f11 Mon Sep 17 00:00:00 2001
From: Michael Hampton
Date: Sun, 12 Dec 2004 17:33:24 +0000
Subject: [PATCH] * sysdep.c: lprintf(): Bug 124: Fix remote format string vulnerability (thanks to coki@nosystem.com.ar)
---
 citadel/ChangeLog | 5 +++++
 citadel/sysdep.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/citadel/ChangeLog b/citadel/ChangeLog
index e0b802133..eecb5d9ec 100644
--- a/citadel/ChangeLog
+++ b/citadel/ChangeLog
@@ -1,4 +1,8 @@
 $Log$
+ Revision 627.12 2004/12/12 17:33:24 error
+ * sysdep.c: lprintf(): Bug 124: Fix remote format string vulnerability
+ (thanks to coki@nosystem.com.ar)
+
 Revision 627.11 2004/12/01 16:28:58 ajc
 * tools.c: don't crash when striplt() is called with z zero length string
@@ -6231,3 +6235,4 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant
 Fri Jul 10 1998 Art Cancro
 * Initial CVS import
+
diff --git a/citadel/sysdep.c b/citadel/sysdep.c
index d52b920be..fd9b3ad96 100644
--- a/citadel/sysdep.c
+++ b/citadel/sysdep.c
@@ -121,7 +121,7 @@ void lprintf(enum LogLevel loglevel, const char *format, ...) {
 snprintf(buf, 6, "[%3d]", CC->cs_pid);
 buf[5] = ' ';
 }
- syslog(loglevel, buf);
+ syslog(loglevel, "%s", buf);
 }
 } else if (loglevel <= verbosity) {
--
2.39.2
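Review bot: The `"%s"` change in the citadel/sysdep.c hunk stops `buf` from being expanded a second time by `syslog()`, but lprintf() still accepts a caller-supplied `format`, so any call site that passes client-controlled text as that argument would stay exposed; the callers are not visible here, so this needs an audit rather than an assumption. Declaring the prototype with `__attribute__((format(printf, 2, 3)))` and building with `-Wformat -Wformat-security` would let the compiler flag non-literal formats at those call sites. The `else if (loglevel <= verbosity)` branch continues outside the hunk and should be checked for the same pattern of handing an already-formatted buffer to a printf-style function. Separately, `snprintf(buf, 6, "[%3d]", CC->cs_pid)` drops the closing bracket once cs_pid needs more than three digits, which makes the log prefix harder to parse.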