From owner-freebsd-security Sun Jun 25 11:41:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from sivka.rdy.com (sivka.rdy.com [207.33.166.86]) by hub.freebsd.org (Postfix) with ESMTP id C29B237BCB9 for ; Sun, 25 Jun 2000 11:41:06 -0700 (PDT) (envelope-from dima@rdy.com) Received: (from dima@localhost) by sivka.rdy.com (8.9.3/8.9.3) id LAA01288; Sun, 25 Jun 2000 11:38:03 -0700 (PDT) (envelope-from dima) Message-Id: <200006251838.LAA01288@sivka.rdy.com> Subject: Re: Fwd: WuFTPD: Providing *remote* root since at least1994 In-Reply-To: <3954410B.5716EE5D@softweyr.com> "from Wes Peters at Jun 23, 2000 11:03:07 pm" To: Wes Peters Date: Sun, 25 Jun 2000 11:38:03 -0700 (PDT) Cc: dima@rdy.com, Koga Youichirou , wollman@khavrinen.lcs.mit.edu, silby@silby.com, freebsd-security@FreeBSD.ORG Organization: HackerDome Reply-To: dima@rdy.com From: dima@rdy.com (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL77 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Wes Peters writes: > Dima Ruban wrote: > > > > What's the purpose of this patch? > > I didn't look at the code, but to me it sounds like it's pretty much > > irrelevant whether you gonna use ``foo(fmt, string)'' or ``foo(string)'' > > If string contains formatting codes, foo("%s", string) does the right > thing and just puts out the formatting codes in the string. foo(string) > tries to interpret the embedded format codes and blows the stack. > Well, if in addition to "fmt" argument, string will contain formatting code[s], the result will be just the same. (at least with printf() family). > -- > "Where am I, and what am I doing in this handbasket?" > > Wes Peters Softweyr LLC > wes@softweyr.com http://softweyr.com/ > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message