Re: texinfo vulnerability still working in 4.11

bug-texinfo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: texinfo vulnerability still working in 4.11

From:	Karl Berry
Subject:	Re: texinfo vulnerability still working in 4.11
Date:	Fri, 16 Nov 2007 17:46:58 -0600

    info --file="%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."

Thanks for the report.  I'll fix it as soon as I can, unless someone
else here can provide a patch.  One expedient fix (worked for me anyway)
is included below and is in Texinfo CVS now.  I think a better fix would
be to double any % characters in filename in the filesys_error_string
function, which I'll try to get to soon.  (The best fix would be to
implement error handling completely differently, but I can't undertake
that.)

I'm just as happy you didn't send a fully-working exploit to make things
easy for the crackers.

Best,
Karl

--- info.c.~1.21.~      2007-09-21 15:49:26.000000000 -0700
+++ info.c      2007-11-16 15:37:54.000000000 -0800
@@ -570,3 +570,6 @@
       fprintf (stderr, "%s: ", program_name);
-      fprintf (stderr, format, arg1, arg2);
+      if (arg1)
+        fprintf (stderr, format, arg1, arg2);
+      else
+        fputs (format, stderr);
       fprintf (stderr, "\n");

[Prev in Thread]

Current Thread

[Next in Thread]

texinfo vulnerability still working in 4.11, Cody Rester, 2007/11/16
- Re: texinfo vulnerability still working in 4.11, Karl Berry <=
  - Re: texinfo vulnerability still working in 4.11, Cody Rester, 2007/11/18
    - Re: texinfo vulnerability still working in 4.11, Karl Berry, 2007/11/18

Prev by Date: texinfo vulnerability still working in 4.11
Next by Date: Re: texinfo-format-buffer doesn't produce info index properly
Previous by thread: texinfo vulnerability still working in 4.11
Next by thread: Re: texinfo vulnerability still working in 4.11
Index(es):
- Date
- Thread