On Fri, 2009-04-03 at 12:48 -0400, Michael Peek wrote:
> Dave Kleikamp wrote:
> > On Thu, 2009-04-02 at 11:29 -0400, Michael Peek wrote:
> >
> >> *** %n in writable segment detected ***
> >>
> >>
> > Interesting. I had no idea what "%n in writable segment detected" meant
> > until I googled it. I'm guessing the file name being printed has the
> > string "%n" in it. The %n field modifies the argument passed in, so it
> > can be a security vulnerability. glibc detects this and kills the
> > process.
> >
> >
>
> Aha! Now I have something to go on. (Google, why didn't I think of that!?)
>
> > I think this patch should fix the problem. You can download the
> > jfsutils source from http://jfs.sourceforge.net/source.html#latesrc
> >
>
> I tried the latest 1.1.13, but it has the same problem. So I ran it
> under gdb and traced the problem to fsck/fsck_message.c, to the function
> v_fsck_send_msg(). There is a section that reads:
>
>     if (message->msg_level <= msg_lvl) {
>         printf(msg_string);
>         if (dbg_output) {
>             printf(debug_detail);
>         }
>         else printf("\n");
>     }
>
> It's the printf(msg_string) that is causing the trouble. When I changed
> this section from the above to:
>
>     if (message->msg_level <= msg_lvl) {
>         /* printf(msg_string); */
>         puts(msg_string);
>         if (dbg_output) {
>             printf(debug_detail);
>         }
>         else printf("\n");
>     }
>
> Everything works fine. And all I did was substitute puts() for printf().
Did you not get the patch I attached to the last email? It replaced the
printf with printf("%s", msg_string); Pretty much the same fix. puts()
is a little less overhead.
Thanks,
Shaggy
--
David Kleikamp
IBM Linux Technology Center
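
The fix discussed in this thread, as an added example that is not part of the original messages and is not jfsutils code: the message text is written as data, never as a format string, and the debug detail is treated the same way. The names emit_msg(), render() and count_directives() are hypothetical, and the file names are constructed sample input.

```c
#include <stdio.h>
#include <string.h>

/* Count printf conversion directives in s; "%%" is a literal percent sign. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the escaped percent */
        else
            n++;            /* %n, %s, %x, ... or a dangling '%' */
    }
    return n;
}

/* Hypothetical stand-in for the output step of v_fsck_send_msg(). */
static int emit_msg(FILE *out, const char *msg_string,
                    const char *debug_detail, int dbg_output)
{
    /* Form from the thread that aborts on "%n": printf(msg_string); */
    if (fputs(msg_string, out) == EOF)  /* no format parsing; unlike puts(), no newline added */
        return -1;
    if (dbg_output)
        return fprintf(out, "%s", debug_detail) < 0 ? -1 : 0;
    return fputc('\n', out) == EOF ? -1 : 0;
}

/* Emit into a temporary file and read the bytes back so they can be checked. */
static const char *render(const char *msg, const char *detail, int dbg)
{
    static char buf[256];
    FILE *f = tmpfile();
    size_t n;
    if (!f)
        return NULL;
    if (emit_msg(f, msg, detail, dbg) != 0) { fclose(f); return NULL; }
    rewind(f);
    n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    return buf;
}

int main(void)
{
    const char *msg = "File /mnt/data/report%n.txt is corrupt"; /* constructed */
    printf("directives=%d output=%s", count_directives(msg), render(msg, "", 0));
    return 0;
}
```

Building with -Wformat -Wformat-security makes gcc flag calls such as printf(msg_string) at compile time.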