[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: texinfo vulnerability still working in 4.11
From: |
Karl Berry |
Subject: |
Re: texinfo vulnerability still working in 4.11 |
Date: |
Fri, 16 Nov 2007 17:46:58 -0600 |
info --file="%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
Thanks for the report. I'll fix it as soon as I can, unless someone
else here can provide a patch. One expedient fix (worked for me anyway)
is included below and is in Texinfo CVS now. I think a better fix would
be to double any % characters in filename in the filesys_error_string
function, which I'll try to get to soon. (The best fix would be to
implement error handling completely differently, but I can't undertake
that.)
I'm just as happy you didn't send a fully-working exploit to make things
easy for the crackers.
Best,
Karl
--- info.c.~1.21.~ 2007-09-21 15:49:26.000000000 -0700
+++ info.c 2007-11-16 15:37:54.000000000 -0800
@@ -570,3 +570,6 @@
fprintf (stderr, "%s: ", program_name);
- fprintf (stderr, format, arg1, arg2);
+ if (arg1)
+ fprintf (stderr, format, arg1, arg2);
+ else
+ fputs (format, stderr);
fprintf (stderr, "\n");