Hello, here is the upstream patch I just merge for Redhat Bug 177035. Upstream was vulnerable to 1 out of the 3 flaws spoted by Kiyoshi Ueda. Regards, cvaroqui diff --git a/libmultipath/alias.c b/libmultipath/alias.c --- a/libmultipath/alias.c +++ b/libmultipath/alias.c @@ -106,7 +106,8 @@ lock_bindings_file(int fd) if (err) { if (errno != EINTR) - condlog(0, "Cannot lock bindings file : %s"); + condlog(0, "Cannot lock bindings file : %s", + strerror(errno)); else condlog(0, "Bindings file is locked. Giving up."); } diff --git a/libmultipath/debug.h b/libmultipath/debug.h --- a/libmultipath/debug.h +++ b/libmultipath/debug.h @@ -1,4 +1,5 @@ -void dlog (int sink, int prio, char * fmt, ...); +void dlog (int sink, int prio, char * fmt, ...) + __attribute__((format(printf, 3, 4))); #if DAEMON -- dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel