I think a better solution would be to specify a format string for stderr. I believe that's the proper way of handling it, and not including a format string specifier opens you up to a vulnerability.
Cody On Nov 16, 2007 5:46 PM, Karl Berry <[EMAIL PROTECTED]> wrote: > info --file="%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x." > > Thanks for the report. I'll fix it as soon as I can, unless someone > else here can provide a patch. One expedient fix (worked for me anyway) > is included below and is in Texinfo CVS now. I think a better fix would > be to double any % characters in filename in the filesys_error_string > function, which I'll try to get to soon. (The best fix would be to > implement error handling completely differently, but I can't undertake > that.) > > I'm just as happy you didn't send a fully-working exploit to make things > easy for the crackers. > > Best, > Karl > > --- info.c.~1.21.~ 2007-09-21 15:49:26.000000000 -0700 > +++ info.c 2007-11-16 15:37:54.000000000 -0800 > @@ -570,3 +570,6 @@ > fprintf (stderr, "%s: ", program_name); > - fprintf (stderr, format, arg1, arg2); > + if (arg1) > + fprintf (stderr, format, arg1, arg2); > + else > + fputs (format, stderr); > fprintf (stderr, "\n"); >
