On 24/04/15 02:25AM, Jeremy Mates wrote:
> TL;DR it's TERMINFO related or when ~/.terminfo exists and no TERM file
> exists therein. Also trying to read "none" (or maybe also "none.db" when
> the TERMINFO thing happens) from the current working directory might not
> be a good idea, if an attacker can put naughty things into either of
> those files and a sh or ksh or whatever is run in a suitable directory?

Just to clarify, this particular instance of this issue seems to be related to terminfo. In general, as I stated earlier, the log message

    ... [program_name]: vfprintf %s NULL in "[format_string]"

is output whenever NULL is passed to the *printf family of functions. That could be vfprintf, but also printf, fprintf, sprintf... and so on and so forth.

The inconvenient part of this otherwise very useful mechanism of detecting incorrect code is that there is no precise indication of the location in the source code which is incorrectly written in this manner. It could be the program itself, or it could be one of the libraries it uses, as is likely the case here. The only clue is the format string in the message, which could be not distinctive enough.
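
One way to act on that single clue, as an added example that is not part of the original message: parse the log line in the shape quoted above and list every C string literal in a source tree that equals the logged format string. The timestamp and host prefix, the sample format string, the file names and whether the log shows `\n` escaped or raw are all assumptions; the sample log line and sources are constructed.

```python
import re

# Shape quoted in the mail: '[program_name]: vfprintf %s NULL in "[format_string]"'.
# Any prefix before the program name and an optional [pid] are assumed, not from the mail.
LOG_RE = re.compile(
    r'(?P<prog>[^\s:\[]+)(?:\[\d+\])?: vfprintf %s NULL in "(?P<fmt>.*)"\s*$')
# A C string literal on one line, honouring backslash escapes (heuristic, not a C parser).
LITERAL_RE = re.compile(r'"((?:[^"\\\n]|\\.)*)"')
ESCAPES = {"\n": "\\n", "\t": "\\t", '"': '\\"', "\\": "\\\\"}

def parse_log_line(line):
    """Return (program, format_string), or None if the line is not this message."""
    m = LOG_RE.search(line)
    return (m.group("prog"), m.group("fmt")) if m else None

def to_c_source(fmt):
    """Spell a format string containing raw control characters as C source would."""
    return "".join(ESCAPES.get(ch, ch) for ch in fmt)

def find_candidates(fmt, sources):
    """Return sorted (path, line_no) pairs whose literal equals the logged format.

    Both spellings are tried, because the log may show the string raw or with
    its escapes already visible. `sources` maps path -> file text.
    """
    needles = {fmt, to_c_source(fmt)}
    hits = []
    for path, text in sorted(sources.items()):
        for m in LITERAL_RE.finditer(text):
            if "%s" in m.group(1) and m.group(1) in needles:
                hits.append((path, text.count("\n", 0, m.start()) + 1))
    return hits

# Constructed sample input: one log line and two hypothetical source files.
SAMPLE_LOG = r'Apr 24 02:25:01 host ksh: vfprintf %s NULL in "%s: no entry for %s\n"'
SAMPLE_SOURCES = {
    "bin/example/main.c": r'''int main(void) { printf("%s: started\n", "ksh"); return 0; }
''',
    "lib/libexample/lookup.c": r'''#include <stdio.h>
void report(const char *dir, const char *term)
{
	fprintf(stderr, "%s: no entry for %s\n", dir, term);
}
''',
}

if __name__ == "__main__":
    prog, fmt = parse_log_line(SAMPLE_LOG)
    for path, line_no in find_candidates(fmt, SAMPLE_SOURCES):
        print(f"{prog}: candidate call site {path}:{line_no}")
```

A format string assembled from adjacent literals or a macro will not match as a whole, and a short format such as `"%s"` will match many call sites, which is the "not distinctive enough" case.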