From 13989a252113334c4aa040968a0fdce0761c71f9 Mon Sep 17 00:00:00 2001
From: Przemyslaw Czerpak
Date: Mon, 26 Apr 2010 09:44:13 +0000
Subject: [PATCH] 2010-04-26 11:44 UTC+0200 Przemyslaw Czerpak (druzus/at/priv.onet.pl) * harbour/src/common/hbtrace.c ! fixed potential GPF/memory corruption due to direct passing formatted string as format to syslog() function. Please remember to never create code like 'printf( str );' if str can contain printf escape characters because it may cause any unpredictable results. Always use 'printf( "%s", str);' in such context. BTW It's one of the most common bug used by hackers in buffer/stack overflow attacks, i.e. using str with %n conversion specifier. % eliminated unnecessary buffer conversion in *nix builds
---
 harbour/ChangeLog | 11 +++++++++++
 harbour/src/common/hbtrace.c | 14 +++++---------
 2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/harbour/ChangeLog b/harbour/ChangeLog
index 60c023ea69..75ab7d2dde 100644
--- a/harbour/ChangeLog
+++ b/harbour/ChangeLog
@@ -17,6 +17,17 @@
 past entries belonging to author(s): Viktor Szakats.
 */
 
+2010-04-26 11:44 UTC+0200 Przemyslaw Czerpak (druzus/at/priv.onet.pl)
+ * harbour/src/common/hbtrace.c
+ ! fixed potential GPF/memory corruption due to direct passing formatted
+ string as format to syslog() function. Please remember to never create
+ code like 'printf( str );' if str can contain printf escape characters
+ because it may cause any unpredictable results. Always use
+ 'printf( "%s", str);' in such context.
+ BTW It's one of the most common bug used by hackers in buffer/stack
+ overflow attacks, i.e. using str with %n conversion specifier.
+ % eliminated unnecessary buffer conversion in *nix builds
+
 2010-04-26 10:35 UTC+0200 Viktor Szakats (harbour.01 syenar.hu)
 * INSTALL
 + Added another envvar to the list of unnececessary ones.
diff --git a/harbour/src/common/hbtrace.c b/harbour/src/common/hbtrace.c
index d794148270..8aa16bd34b 100644
--- a/harbour/src/common/hbtrace.c
+++ b/harbour/src/common/hbtrace.c
@@ -254,16 +254,8 @@ static void hb_tracelog_( int level, const char * file, int line, const char * p
 }
 # else
 {
- char psz[ 1024 ];
 int slevel;
 
- if( proc )
- hb_snprintf( psz, sizeof( psz ), "%s:%d:%s() %s %s",
- file, line, proc, pszLevel, message );
- else
- hb_snprintf( psz, sizeof( psz ), "%s:%d: %s %s",
- file, line, pszLevel, message );
-
 switch( level )
 {
 case HB_TR_ALWAYS: slevel = LOG_ALERT; break;
@@ -275,7 +267,11 @@ static void hb_tracelog_( int level, const char * file, int line, const char * p
 default: slevel = LOG_DEBUG;
 }
 
- syslog( slevel, psz );
+ if( proc )
+ syslog( slevel, "%s:%d:%s() %s %s", file, line, proc,
+ pszLevel, message );
+ else
+ syslog( slevel, "%s:%d: %s %s", file, line, pszLevel, message );
 }
 # endif
 #endif
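Review bot: The two new `syslog()` calls in the second hunk carry no comment explaining why the text is passed as arguments, so a later cleanup could fold it back into one pre-built string used as the format; I would add `/* message may contain '%': pass it as an argument, never as the format string */` above the `if( proc )`. `proc` is tested for NULL but `file` goes to `%s` unchecked in both branches, which is undefined behaviour if any caller passes NULL. The callers are outside this hunk, so that needs confirming, or guard it with `file ? file : ""`. The rest of hb_tracelog_() is also outside the hunk (the `# else` implies at least one other output branch), so building this file with `-Wformat -Wformat-security` would be a cheap way to confirm no other sink still receives a non-literal format.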