Fix possible vulnerability due to improper use of "syslog(3)" or

"fprintf(3)".

2 files changed, 22 insertions, 4 deletions

diff --git a/x11/xlockmore/files/patch-sum b/x11/xlockmore/files/patch-sum
index c81cf143b3e..58a270745b5 100644
--- a/x11/xlockmore/files/patch-sum
+++ b/x11/xlockmore/files/patch-sum
@@ -1,7 +1,7 @@
-$NetBSD: patch-sum,v 1.5 2000/08/15 03:54:17 hubertf Exp $
+$NetBSD: patch-sum,v 1.6 2000/08/16 16:39:18 tron Exp $
 
 MD5 (patch-aa) = ef89b7291b0d3c6351330887741cd7ae
-MD5 (patch-ab) = 7992237902b0eed93f476390e81122e7
+MD5 (patch-ab) = dc8c59b349e68bc33a78fde8152a672a
 MD5 (patch-ac) = 982191521403c38e1804c7b078e4f45d
 MD5 (patch-ad) = c8f16f930ebc3a759cc6dbb85da43ffd
 MD5 (patch-ae) = 9dab989b9c932f21d88f08f080221a38
diff --git a/x11/xlockmore/patches/patch-ab b/x11/xlockmore/patches/patch-ab
index c3a9fa459f7..10d755dc522 100644
--- a/x11/xlockmore/patches/patch-ab
+++ b/x11/xlockmore/patches/patch-ab
@@ -1,7 +1,7 @@
-$NetBSD: patch-ab,v 1.7 2000/08/15 03:54:17 hubertf Exp $
+$NetBSD: patch-ab,v 1.8 2000/08/16 16:39:18 tron Exp $
 
 --- xlock/xlock.c.orig	Mon Jul 10 17:46:19 2000
-+++ xlock/xlock.c	Tue Aug 15 05:38:20 2000
++++ xlock/xlock.c	Wed Aug 16 18:38:01 2000
 @@ -597,7 +597,9 @@
  #include <X11/extensions/dpms.h>
  #else /* XFree86 < 4.x */
@@ -12,3 +12,21 @@ $NetBSD: patch-ab,v 1.7 2000/08/15 03:54:17 hubertf Exp $
  extern int  DPMSGetTimeouts(Display *, unsigned short *, unsigned short *, unsigned short *);
  extern int  DPMSSetTimeouts(Display *, unsigned short, unsigned short, unsigned short);
  #endif
+@@ -953,7 +955,7 @@
+ #if defined( HAVE_SYSLOG_H ) && defined( USE_SYSLOG )
+ 	extern Display *dsp;
+ 
+-	syslog(SYSLOG_WARNING, buf);
++	syslog(SYSLOG_WARNING, "%s", buf);
+ 	if (!nolock) {
+ 		if (strstr(buf, "unable to open display") == NULL)
+ 			syslogStop(XDisplayString(dsp));
+@@ -962,7 +964,7 @@
+ 		closelog();
+ 	}
+ #else
+-	(void) fprintf(stderr, buf);
++	(void) fprintf(stderr, "%s", buf);
+ #endif
+ 	exit(1);
+ }