Fedora 14 - Format string attack in allegro-tools package

[rafaldworaczek]

Format string attack in pack.c file (package allegro-tools) Fedora 14



Problematic code:



static void err(char *s1, char *s2)

{



   ......

   if (s2)

      printf(s2);

   ......

}





.......

f1 = argv[1];

.......



if (!in) {

      err("can't open ", f1);

      return 1;

}