Hi, Pavel! This patch fixes 2 possible buffer overflows in the mc. Test case: 1. Be sure there is no %d file in the current directory. 2. Type M-! 3. Type "gzip %d" and press Enter.
'%s' can crash your mc. P.S. Please commit this patch, I have not access to cvs now. src/ChangeLog: * utilunix.c (close_error_pipe): Use "%s" in message () to prevent possible crash. (check_error_pipe): Likewise. --- src/utilunix.c Tue Mar 19 17:36:45 2002 +++ src/utilunix.c Mon Jul 1 16:37:53 2002 @@ -401,7 +401,7 @@ close_error_pipe (int error, char *text) if (len == 0) return 0; /* Nothing to show */ /* Show message from pipe */ - message (error, title, msg); + message (error, title, "%s", msg); } else { /* Show given text and possible message from pipe */ message (error, title, " %s \n %s ", text, msg); @@ -435,9 +435,9 @@ void check_error_pipe (void) close (error_pipe[0]); } if (len > 0) - message (0, _(" Warning "), error); + message (0, _(" Warning "), "%s", error); } -#endif +#endif /* !VFS_STANDALONE */ static struct sigaction ignore, save_intr, save_quit, save_stop; _______________________________________________ Mc-devel mailing list [EMAIL PROTECTED] http://mail.gnome.org/mailman/listinfo/mc-devel