It's been a while, so I wanted to bump this patch request.

Thanks,
Geoff

On Thu, May 12, 2022 at 10:44 AM Geoff Hanson <[email protected]> wrote:

> Just wanted to follow up on this again.
>
> If there's no further comments on the patch, could someone consider
> integrating it?
>
> I've re-attached the patch.
>
> Thanks,
> Geoff
>
> On Wed, Feb 23, 2022 at 8:14 AM Geoff Hanson <[email protected]> wrote:
>
>> Just following up on this patch. Are there any more comments on this?
>>
>> Thanks,
>> Geoff
>>
>> On Tue, Feb 8, 2022 at 11:58 AM Geoff Hanson <[email protected]> wrote:
>>
>>> Any further feedback on this?
>>>
>>> Anything more I need to do or is what I've provided sufficient for the
>>> bug report?
>>>
>>> Thanks,
>>> Geoff
>>>
>>> On Tue, Feb 1, 2022 at 12:53 PM Geoff Hanson <[email protected]> wrote:
>>>
>>>> Hi Bernd. Can you look at my second attachment? As part of addressing
>>>> the issue Xabier reported,
>>>> I switched to using memcpy.
>>>>
>>>> Thanks,
>>>> Geoff
>>>>
>>>> On Tue, Feb 1, 2022 at 12:36 PM Bernd Petrovitsch <[email protected]> wrote:
>>>>
>>>>> Hi all!
>>>>>
>>>>> On 01.02.2022 18:12, Geoff Hanson wrote:
>>>>> [...]
>>>>> > In most cases, there's no printf directive so this just means it's
>>>>> > copying the string.
>>>>>
>>>>> Using some user-provided string as a format-string opens the possibility
>>>>> of exploits - since decades ....
>>>>>
>>>>> > But this would cause problems in the case where the string did contain %'s.
>>>>>
>>>>> So why just not only use strncpy(), strlcpy(), memcpy() or similar?
>>>>>
>>>>> Kind regards,
>>>>> Bernd
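The difference discussed in the thread, between using a caller's string as the format and copying it with memcpy(), is shown below as an added example. It is not part of the original messages and is not BusyBox code; the function names and the sample string are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers: the BusyBox code under discussion is not shown
 * in the thread, so these only model the two approaches it mentions. */

/* "Before": the caller's string is passed as the format string.
 * Compilers flag this with -Wformat-security; the warning is silenced
 * here only so the "before" form builds cleanly for comparison. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static void copy_as_format(char *dst, size_t dstsize, const char *src)
{
    snprintf(dst, dstsize, src);   /* every '%' in src is interpreted */
}
#pragma GCC diagnostic pop

/* "After": bounded byte copy, always NUL-terminated. '%' has no meaning. */
static size_t copy_bytes(char *dst, size_t dstsize, const char *src)
{
    size_t n;

    if (dstsize == 0)
        return 0;
    n = strlen(src);
    if (n >= dstsize)
        n = dstsize - 1;           /* truncate rather than overflow */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;                      /* bytes copied, excluding the NUL */
}

int main(void)
{
    /* Constructed input. It contains only "%%" so the "before" call stays
     * defined behaviour; any other directive would make snprintf consume
     * arguments that were never passed. */
    const char *input = "load 100%% of 5%%";
    char a[32], b[32];

    copy_as_format(a, sizeof a, input);
    copy_bytes(b, sizeof b, input);
    printf("as format: \"%s\"\n", a);   /* string is altered */
    printf("as bytes : \"%s\"\n", b);   /* string is preserved */
    return 0;
}
```

Where a formatting call has to stay, passing the string as an argument to a constant `"%s"` format gives the same result as the byte copy.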
