Public bug reported:
Binary package hint: adduser
/usr/sbin/deluser have format string bug .
test case :
root@emanuel-desktop:/tmp# mkdir %999999999999999s
root@emanuel-desktop:/tmp# /tmp/%999999999999999s/../../usr/sbin/deluser Bug
Integer overflow in format string for prtf at
/tmp/%999999999999999s/../../usr/sbin/deluser line 469.
The bug can be found at :
sub fail {
my ($errorcode, $format, @args) = @_;
printf STDERR "$0: $format",@args;
exit $errorcode;
}
fix can be :
printf STDERR "%s: $format",$0,@args;
also same function exist in adduser script .
** Affects: adduser (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/781907
Title:
Format string bug in deluser
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
