From owner-freebsd-hackers  Thu Sep  7 19:59:43 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id 070B137B423; Thu,  7 Sep 2000 19:59:40 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id UAA40578;
	Thu, 7 Sep 2000 20:59:38 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA50393; Thu, 7 Sep 2000 20:59:18 -0600 (MDT)
Message-Id: <200009080259.UAA50393@harmony.village.org>
To: "John Doh!" <johndoh_@hotmail.com>
Subject: Re: How to stop problems from printf 
Cc: security@FreeBSD.ORG, hackers@FreeBSD.ORG
In-reply-to: Your message of "Thu, 07 Sep 2000 18:27:57 +0700."
		<F159yCTr9rf3yXvEbjk00001dc1@hotmail.com> 
References: <F159yCTr9rf3yXvEbjk00001dc1@hotmail.com>  
Date: Thu, 07 Sep 2000 20:59:18 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <F159yCTr9rf3yXvEbjk00001dc1@hotmail.com> "John Doh!" writes:
: Issue is must be getting format string from "untrusted" place, but want to 
: limit substitution of %... to the substitution of say in example the 
: argv[0], but to not do others so that say given "usage: %s filename %p" %p 
: not interpret but to be print instead as literally so we get output of 
: (saying to be argv[0] as test just for example) usage: test filename %p
: 
: any hints you have I am very greatful for.

Fix gettext to only allow N arguments in the same order that the
original message had.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message