Hello,
here is the upstream patch I just merge for Redhat Bug 177035.
Upstream was vulnerable to 1 out of the 3 flaws spoted by Kiyoshi Ueda.
Regards,
cvaroqui
diff --git a/libmultipath/alias.c b/libmultipath/alias.c
--- a/libmultipath/alias.c
+++ b/libmultipath/alias.c
@@ -106,7 +106,8 @@ lock_bindings_file(int fd)
if (err) {
if (errno != EINTR)
- condlog(0, "Cannot lock bindings file : %s");
+ condlog(0, "Cannot lock bindings file : %s",
+ strerror(errno));
else
condlog(0, "Bindings file is locked. Giving
up.");
}
diff --git a/libmultipath/debug.h b/libmultipath/debug.h
--- a/libmultipath/debug.h
+++ b/libmultipath/debug.h
@@ -1,4 +1,5 @@
-void dlog (int sink, int prio, char * fmt, ...);
+void dlog (int sink, int prio, char * fmt, ...)
+ __attribute__((format(printf, 3, 4)));
#if DAEMON
--
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
