Re: [BUG] Using '%' on wiznet

From: Mysidia (
Date: 09/18/02

> -     send_to_char(d->character, buf1);
> +     send_to_char(d->character, "%s", buf1);
>       else
> -     send_to_char(d->character, buf2);
> +     send_to_char(d->character, "%s", buf2);

ack.. this is bad...

This is called a "format string error" and as you noted can be
used to crash things, but there are more serious implications to
having these errors around.. anyone running a mud server that
may have these sorts of errors around _should_ be slightly
concerned as to the security implications.

I don't use pl21, so I don't have a copy handy... however,

if someone who using GCC 3.x would add:

       __attribute__ ((format (printf, 2, 3)))

to their prototype declaration of send_to_char in the .h file
(it goes after the function declaration but before the semicolon)

and add the compiler options: -Wformat -Wformat-nonliteral

Similar errors should be flagged as warnings.


   | FAQ: |
   | Archives: |
   | Newbie List:   |

This archive was generated by hypermail 2b30 : 06/25/03 PDT