Ben Elliston wrote:
On Sat, Oct 27, 2018 at 11:48:08PM -0500, Jacob Bachmeyer wrote:
A message that contains a '%' character will cause Tcl to raise an
error at the format in record_test in lib/framework.exp on line 803
as of commit 81651abb04defb181f9c98bfcc55e077dcaea452.  This is a
"classic" format string vulnerability, except that Tcl catches it
and raises an error.

Thanks!

Oops... I have since realized that the patch in my previous message was subtly wrong -- it reversed the order of the pass name and message. I did not notice because I had not actually looked at the test log -- the program I use for summarizing the log keys off of the "Running pass" messages instead and only counts passes/fails/etc. for a nice summary table. /Mea culpa/; here is a corrected patch.

corrected patch: (also relative to commit 81651abb04defb181f9c98bfcc55e077dcaea452)

diff --git a/lib/framework.exp b/lib/framework.exp
index 6cb93c5..50ac757 100644
--- a/lib/framework.exp
+++ b/lib/framework.exp
@@ -800,7 +800,7 @@ proc record_test { type message args } {

    global multipass_name
    if { $multipass_name != "" } {
-       set message [format "$type: %s: $message" "$multipass_name"]
+       set message [format "%s: %s: %s" "$type" "$multipass_name" "$message"]
    } else {
       set message "$type: $message"
    }
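Review bot: The `format` call on the changed line in record_test is no longer needed once all three values are passed as `%s` arguments. Plain substitution, `set message "$type: $multipass_name: $message"`, produces the same string, matches the else branch two lines below, and leaves no format string into which a later edit could interpolate a variable again. A testsuite case that records a message containing '%' while multipass_name is set would keep this from regressing.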


-- Yours sheepishly, Jacob
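
The behaviour discussed in this thread can be reproduced outside DejaGnu. The Tcl script below is an added illustration, not part of the original message or of DejaGnu; the proc names `record_before` and `record_after` and the sample messages are constructed for it. Besides the cases that raise an error, it includes a message containing `%%`, which the old form rewrites without raising anything.

```tcl
# Added illustration. record_before / record_after are hypothetical names
# wrapping the two forms of the line changed in the patch.

proc record_before {type name message} {
    # $message is substituted into the format string itself, so any '%'
    # it contains is parsed by format as a conversion specifier.
    return [format "$type: %s: $message" "$name"]
}

proc record_after {type name message} {
    # The format string is a constant; $message is only data for %s.
    return [format "%s: %s: %s" "$type" "$name" "$message"]
}

# Constructed sample messages.
set samples [list \
    {plain message} \
    {coverage 100%} \
    {value %d here} \
    {literal %% sign}]

foreach msg $samples {
    puts "message: <$msg>"
    foreach impl {record_before record_after} {
        # catch returns non-zero when format raises a Tcl error.
        if {[catch {$impl PASS pass1 $msg} out]} {
            puts "  $impl -> ERROR: $out"
        } else {
            puts "  $impl -> $out"
            # Flag output in which the message no longer appears verbatim.
            if {[string first $msg $out] < 0} {
                puts "  $impl -> message text was altered"
            }
        }
    }
}
```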


_______________________________________________
Bug-dejagnu mailing list
https://lists.gnu.org/mailman/listinfo/bug-dejagnu