On Thu, 27 Jun 2002, Mathew Earle Reuther wrote:
>I ran into a number of send_to_char calls which looked similar to this:
>
>send_to_char(buf, d->character)
>
>Which I then changed to:
>
>send_to_char(d->character, buf)
send_to_char(d->character, "%s", buf);
There've been a number of security breaches in programs due to not having
the "%s" in there. It's because "buf" can be instrumented to have any of
the printf formats by an attacker and the %n one writes to memory.
>Is that the correct method of writing those, or should d->character be
>simply ch as such:
>
>send_to_char(ch, buf)
Depends on if you have a 'struct char_data' (usually) or 'struct
descriptor_data' available. Places with the descriptor tend to use
write_to_output().
--
George Greer
greerga@circlemud.org
--
+---------------------------------------------------------------+
| FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
| Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
| Newbie List: http://groups.yahoo.com/group/circle-newbies/ |
+---------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 06/25/03 PDT