authorMartin Samuelsson <msamuelsson@storvix.eu>2023-05-27 13:33:45 +0200
committerMartin Samuelsson <msamuelsson@storvix.eu>2023-05-28 22:56:25 +0200
commit686214f80c5eab30e67e34890c332e0232ca5afa (patch)
tree4d0881f6a9286f1bbed8d566058655768fb5636a /libsyslog/src/syslog.rs
parent6943c32fb862ec227bb8950095d288d12590ba9b (diff)
Avoid insecurely passing untrusted string to syslog()
With the second argument to syslog() being a format string, these function calls obviously need an actual format string prior to the log message. Thanks to Alexander Hansen Færøy for noticing and pointing out this embarrassing mistake.
Diffstat (limited to 'libsyslog/src/syslog.rs')
-rw-r--r--libsyslog/src/syslog.rs16
1 files changed, 10 insertions, 6 deletions
diff --git a/libsyslog/src/syslog.rs b/libsyslog/src/syslog.rs
index 6b36147..2a4d856 100644
--- a/libsyslog/src/syslog.rs
+++ b/libsyslog/src/syslog.rs
@@ -76,13 +76,17 @@ impl log::Log for Syslog {
fn log(&self, record: &Record) {
if self.enabled(record.metadata()) {
- if let Ok(msg) = CString::new(format!("{}", record.args())) {
+ if let (Ok(fmt), Ok(msg)) = ( CString::new("%s"),
+ CString::new(format!("{}", record.args())))
+ {
+ let fmt_ptr = fmt.as_ptr();
+ let msg_ptr = msg.as_ptr();
match record.level() {
- Level::Debug => unsafe { syslog(LOG_DEBUG, msg.as_ptr()); }
- Level::Error => unsafe { syslog(LOG_ERR, msg.as_ptr()); }
- Level::Info => unsafe { syslog(LOG_INFO, msg.as_ptr()); }
- Level::Warn => unsafe { syslog(LOG_WARNING, msg.as_ptr()); }
- Level::Trace => unsafe { syslog(LOG_DEBUG, msg.as_ptr()); }
+ Level::Debug => unsafe { syslog(LOG_DEBUG, fmt_ptr, msg_ptr); }
+ Level::Error => unsafe { syslog(LOG_ERR, fmt_ptr, msg_ptr); }
+ Level::Info => unsafe { syslog(LOG_INFO, fmt_ptr, msg_ptr); }
+ Level::Warn => unsafe { syslog(LOG_WARNING, fmt_ptr, msg_ptr); }
+ Level::Trace => unsafe { syslog(LOG_DEBUG, fmt_ptr, msg_ptr); }
}
}
}
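Review bot: A record whose formatted message contains an interior NUL byte is still dropped without a trace, because `CString::new(format!("{}", record.args()))` returns `Err` and the `if let` has no else branch; for a logger fed untrusted text, that means an entry can go missing silently. Replacing the byte before conversion, e.g. `CString::new(record.args().to_string().replace('\0', " "))`, keeps the entry. The `"%s"` format never changes, so it could be a constant such as `b"%s\0".as_ptr() as *const c_char` rather than a fallible allocation on every call. Since the five arms differ only in priority, the match could yield the priority and feed a single `unsafe` call carrying a `// SAFETY:` comment that both pointers outlive it. The body of `log` closes outside this hunk.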