[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    Re: [PATCH 1/3] fix literal error warning
From:       Manuel Zerpies <manuel.f.zerpies () ww ! stud ! uni-erlangen ! de>
Date:       2012-08-16 15:08:42
Message-ID: 20120816150842.GB7922 () ww ! stud ! uni-erlangen ! de
[Download RAW message or body]

From bfd90cc05ffdd1b1582493b212f1b42f49e49429 Mon Sep 17 00:00:00 2001
From: Manuel Zerpies <manuel.f.zerpies@ww.stud.uni-erlangen.de>
Date: Thu, 16 Aug 2012 11:36:15 +0200
Subject: [PATCH] fix literal error warning

This patch fixes security issues caused by userinput and
format-strings.

Signed-off-by: Manuel Zerpies <manuel.f.zerpies@ww.stud.uni-erlangen.de>
---
Hey guys,

this patch fixes security issues.

In the first case userinput is directly printed which is harmful.

In the second case format-strings are printed without a string that
belongs to it.

Greets,
Manuel

 coreutils/stat.c |    4 ++--
 libbb/dump.c     |    4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/coreutils/stat.c b/coreutils/stat.c
index 3fb212f..f0a61d9 100644
--- a/coreutils/stat.c
+++ b/coreutils/stat.c
@@ -442,7 +442,7 @@ static bool do_statfs(const char *filename, const char *format)
 		     : getfilecon(filename, &scontext)
 		    ) < 0
 		) {
-			bb_perror_msg(filename);
+			bb_perror_msg("%s", filename);
 			return 0;
 		}
 	}
@@ -555,7 +555,7 @@ static bool do_stat(const char *filename, const char *format)
 		     : getfilecon(filename, &scontext)
 		    ) < 0
 		) {
-			bb_perror_msg(filename);
+			bb_perror_msg("%s", filename);
 			return 0;
 		}
 	}
diff --git a/libbb/dump.c b/libbb/dump.c
index 7e43564..91efe41 100644
--- a/libbb/dump.c
+++ b/libbb/dump.c
@@ -613,7 +613,7 @@ static void display(priv_dumper_t* dumper)
 							printf(pr->fmt, (char *) bp);
 							break;
 						case F_TEXT:
-							printf(pr->fmt);
+							printf("%s", pr->fmt);
 							break;
 						case F_U:
 							conv_u(pr, bp);
@@ -663,7 +663,7 @@ static void display(priv_dumper_t* dumper)
 				printf(pr->fmt, (unsigned) dumper->eaddress);
 				break;
 			case F_TEXT:
-				printf(pr->fmt);
+				printf("%s", pr->fmt);
 				break;
 			}
 		}
-- 
1.7.0.4


_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]