Check-in Number: 2406
Date: 2002-Jul-29 13:39:43 (local)
      2002-Jul-29 11:39:43 (UTC)
User: thl
Branch:
Comment: security issue; lib_cfg consideration
Tickets:
Inspections:
Files:
ossp-pkg/lmtp2nntp/00TODO 1.60 -> 1.61
--- 00TODO 2002/05/28 12:19:47 1.60
+++ 00TODO 2002/07/29 11:39:43 1.61
@@ -75,3 +75,27 @@
crossposting problem -h [Newsgroups:see perl example above and use feature 2.)\n]
potential to merge post/header modes -h [Newsgroups:${_EnvelopeRCPT}\n]
+
+===================================================================
+RCS file: /e/ossp/cvs/ossp-pkg/fsl/fsl.c,v
+retrieving revision 1.22
+retrieving revision 1.21
+diff -r1.22 -r1.21
+341c341
+< if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, "%s", argl2spec)) != L2_OK) {
+---
+> if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, argl2spec)) != L2_OK) {
+513c513
+< if ((l2rv = l2_spec(&ch, ctx.l2_env, "%s", argl2spec)) != L2_OK) {
+---
+> if ((l2rv = l2_spec(&ch, ctx.l2_env, argl2spec)) != L2_OK) {
+
+Fix a big security hole: the l2_spec() is a varargs function which gets
+a format string and variable arguments. In case only a fixed string is
+used we have to use "%s" as the format string or else "%x" in the string
+is treated like a formatter (and hence cause a segfault or whatever
+else if it tries to fetch args from the stack). This especially also no
+longer requires the formatters to be written %%X...
+
+ consider using lib_cfg for configuration file parsing
+
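Review bot: the pasted rcsdiff under `diff -r1.22 -r1.21` runs from the newer revision back to the older one, so the corrected calls with "%s" sit on the `<` lines and the unsafe calls that pass argl2spec as the format sit on the `>` lines, which reads as if the fix were being reverted. Regenerate it as -r1.21 -r1.22 or add a line saying that 1.22 is the fixed revision. The entry also lives in lmtp2nntp/00TODO while the quoted change is in fsl/fsl.c, and it never states the remaining task; say explicitly that lmtp2nntp's own l2_spec() calls need to be checked for a non-literal format argument and changed to the "%s" form. Since the note says formatters no longer have to be written %%X, also record that any existing l2 spec that still doubles the percent sign will now be passed through with both characters and has to be updated once the call is changed.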