- (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
   account check failure path. The vulnerable format buffer is supplied
   from PAM and should not contain attacker-supplied data.
diff --git a/ChangeLog b/ChangeLog
index 726a613..6e6feb6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 20080709
  - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass
+ - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
+   account check failure path. The vulnerable format buffer is supplied
+   from PAM and should not contain attacker-supplied data.
 
 20080705
  - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed
@@ -4598,4 +4601,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5066 2008/07/08 14:21:12 djm Exp $
+$Id: ChangeLog,v 1.5067 2008/07/09 10:54:05 djm Exp $
diff --git a/auth1.c b/auth1.c
index 834ef04..b8a2558 100644
--- a/auth1.c
+++ b/auth1.c
@@ -354,7 +354,7 @@
 					msg[len] = '\0';
 			else
 				msg = "Access denied.";
-			packet_disconnect(msg);
+			packet_disconnect("%s", msg);
 		}
 #endif
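Review bot: Nothing at the corrected call `packet_disconnect("%s", msg);` records why the literal format is required, so a later tidy-up could fold it back into the one-argument form and reintroduce the bug. I would put a comment directly above it, such as `/* msg is PAM-supplied text: pass it as an argument, never as the format string */`. The prototype of `packet_disconnect` is not visible in this hunk; if it does not already carry a printf-style format attribute, adding one and building with `-Wformat-security` would let the compiler flag any other caller that passes a non-literal format. The enclosing block starts before the hunk, so how `msg` and `len` are derived cannot be checked from here.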