On 12/05/2013 12:11 AM, Ian Pilcher wrote:
On 12/04/2013 04:56 PM, Brendan Jones wrote:
Patching is not a problem. Unnecessary is the question. Explain to me
(not you in particular Rahul) how these printf's can possibly be exploited?
char *output;
output = get_user_input(...);
printf(output);
What happens when the user enters %n?
I remain unconvinced. Exploit my system with one of ams, aubio,
hydrogen, jack-keyboard, phasex, portmidi or yoshimi.
I just can't see it
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
