Hello to you am I C coder who to wish write programs we cannot exploit via
code such as below.
>
> main(int argc, char **argv)
> {
> if(argc > 1) {
> printf(gettext("usage: %s filename\n"),argv[0]);
> exit(0);
> }
> printf("normal execution proceeds...\n");
> }
Issue is must be getting format string from "untrusted" place, but want to
limit substitution of %... to the substitution of say in example the
argv[0], but to not do others so that say given "usage: %s filename %p" %p
not interpret but to be print instead as literally so we get output of
(saying to be argv[0] as test just for example) usage: test filename %p
any hints you have I am very greatful for.
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
