In message <[EMAIL PROTECTED]> Kris Kennaway writes:
: It also needs to check they are all of the same type, as changing a %d to
: a %s for example could conceivably be exploitable. And you would have to
: forbid escaped % characters as well. Yeah, I think that would be
: doable. We probably should talk to the gnu gettext guys.

Hmmm, yes, you would have to check as well.  I thought I said that
originally.  No need to forbid %%, however.  That's not exploitable
unless you nest these things, and then all bets are off.

Warner


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
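
The check discussed in this thread, sketched as an added example (not code from the thread or from gettext): a translated format string is accepted only if it consumes the same argument types, in the same order, as the original, and "%%" is allowed because it consumes no argument. The names fmt_signature and fmt_compatible are hypothetical, and positional n$ directives are rejected rather than handled, which is a simplifying assumption.

```c
#include <string.h>

#define PUT(c) do { if (k + 1 >= n) return -1; sig[k++] = (c); } while (0)

/* Write one token per argument the format consumes into sig, e.g.
 * "%*d %ls" -> "*;d;ls;". Conversions are folded into type classes so
 * %x vs %X compare equal. Returns 0, or -1 if the format is malformed,
 * positional (n$) or too long. */
static int fmt_signature(const char *f, char *sig, size_t n)
{
    static const char conv[] = "diouxXeEfFgGaAcspn";
    static const char cls[]  = "dduuuuffffffffcspn";
    size_t k = 0, m;
    const char *c;

    while (*f) {
        if (*f++ != '%')
            continue;
        if (*f == '%') { f++; continue; }            /* "%%" takes no argument */
        f += strspn(f, "#0- +'");                    /* flags */
        if (*f == '*') { PUT('*'); PUT(';'); f++; }  /* width read from an int */
        else f += strspn(f, "0123456789");
        if (*f == '$') return -1;                    /* positional: not handled */
        if (*f == '.') {
            f++;
            if (*f == '*') { PUT('*'); PUT(';'); f++; }
            else f += strspn(f, "0123456789");
        }
        m = strspn(f, "hlqjztL");                    /* length modifier */
        if (m > 2) return -1;
        while (m--) PUT(*f++);
        if (*f == '\0' || (c = strchr(conv, *f)) == NULL)
            return -1;                               /* unknown or cut short */
        PUT(cls[c - conv]);
        PUT(';');
        f++;
    }
    if (k >= n) return -1;
    sig[k] = '\0';
    return 0;
}

/* 1 if a translated format consumes the same arguments as the original. */
int fmt_compatible(const char *orig, const char *trans)
{
    char a[256], b[256];
    if (fmt_signature(orig, a, sizeof a) || fmt_signature(trans, b, sizeof b))
        return 0;
    return strcmp(a, b) == 0;
}
```

A message catalog loader would call fmt_compatible(msgid, msgstr) and fall back to the untranslated string when it returns 0.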
