Listing 6.1 shows a patch for the cfinger daemon that eliminates a format string vulnerability.
snprintf(syslog_str, sizeof(syslog_str), "%s fingered (internal) from %s", username, ident_user); - syslog(LOG_NOTICE, (char *) syslog_str); // User input // in the format argument + syslog(LOG_NOTICE, "%s", (char *) syslog_str); // Explicit specification // of the format argument
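Review bot: on the added syslog() line, the intermediate snprintf() into syslog_str is now redundant, since syslog() does its own formatting. Passing the literal format and the arguments directly, as in `syslog(LOG_NOTICE, "%s fingered (internal) from %s", username, ident_user);`, would remove the cast and the silent truncation at sizeof(syslog_str). The constant "%s" stops username and ident_user from being interpreted as conversion specifiers, but their bytes still reach the log unchanged, so any filtering of control characters has to happen before this call. Any other syslog() call in the daemon that passes a built string as its second argument needs the same change.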