Re: [BUG] Using '%' on wiznet

From: Mysidia (jmhess@i-55.com)
Date: 09/18/02


> -     send_to_char(d->character, buf1);
> +     send_to_char(d->character, "%s", buf1);
>       else
> -     send_to_char(d->character, buf2);
> +     send_to_char(d->character, "%s", buf2);
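Review bot: Wrapping each buffer in a literal "%s" is the correct fix for both call sites in this hunk, since buf1 and buf2 carry player-written wiznet text and anything in them starting with '%' was previously interpreted as a printf directive. The hunk only touches this one if/else pair, so it would be worth confirming, with the format attribute on the send_to_char prototype and -Wformat-nonliteral enabled as suggested below, that no other call passes a non-literal buffer as the format argument; a one-line note in the commit saying the remaining call sites were audited would help reviewers.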

ack.. this is bad...

This is called a "format string error" and as you noted can be
used to crash things, but there are more serious implications to
having these errors around.. anyone running a mud server that
may have these sorts of errors around _should_ be slightly
concerned as to the security implications.

I don't use pl21, so I don't have a copy handy... however,

if someone who is using GCC 3.x would add:

       __attribute__ ((format (printf, 2, 3)))

to their prototype declaration of send_to_char in the .h file
(it goes after the function declaration but before the semicolon)

and add the compiler options: -Wformat -Wformat-nonliteral

Similar errors should be flagged as warnings.

-Mysid

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   | Newbie List:  http://groups.yahoo.com/group/circle-newbies/   |
   +---------------------------------------------------------------+
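For readers who want to see the prototype annotation from the mail applied end to end, the following is an added example written for this archive page; it is not code from the mail or from CircleMUD. `struct char_data` is a minimal stand-in for the MUD's real structure and `wiznet_deliver` is a hypothetical caller; `send_to_char` is reimplemented here over `vsnprintf` so the effect can be observed without a running MUD.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for the MUD's character structure (assumption). */
struct char_data {
    char outbuf[256];   /* text the player would see */
};

/* Hypothetical reimplementation of send_to_char carrying the attribute from
 * the mail: argument 2 is the format string, argument 3 is the first variadic
 * argument.  Built with -Wformat -Wformat-nonliteral, GCC now warns on any
 * call whose format argument is not a string literal. */
static int send_to_char(struct char_data *ch, const char *fmt, ...)
    __attribute__ ((format (printf, 2, 3)));

static int send_to_char(struct char_data *ch, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(ch->outbuf, sizeof ch->outbuf, fmt, ap);
    va_end(ap);
    return n;                      /* characters formatted */
}

/* Wiznet-style delivery of text typed by another player, which may contain '%'. */
int wiznet_deliver(struct char_data *ch, const char *msg)
{
    /* Pre-patch form:  send_to_char(ch, msg);
     * The player's text would become the format string, and every '%'
     * directive would read an argument that was never passed.  With the
     * attribute above in place, GCC flags that line under -Wformat-nonliteral.
     * Fixed form: the format is a literal and msg is only ever data. */
    return send_to_char(ch, "%s", msg);
}

int main(void)
{
    struct char_data ch;
    /* Constructed sample input containing printf directives. */
    const char *sample = "gossip: 100% done %s %n %x";

    wiznet_deliver(&ch, sample);
    puts(ch.outbuf);               /* printed verbatim, directives untouched */
    return strcmp(ch.outbuf, sample) != 0;
}
```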



This archive was generated by hypermail 2b30 : 06/25/03 PDT