On Tue, May 29, 2012 at 12:29 PM, Chad Versace wrote:
>
> On 05/25/2012 08:04 PM, Kristian Høgsberg wrote:
>> On Wed, May 23, 2012 at 11:32:24PM -0700, Chad Versace wrote:
>>> If the MODULEDIR string contains '%', then
>>> snprintf(path, sizeof
On 05/25/2012 08:04 PM, Kristian Høgsberg wrote:
> On Wed, May 23, 2012 at 11:32:24PM -0700, Chad Versace wrote:
>> If the MODULEDIR string contains '%', then
>> snprintf(path, sizeof(path), MODULEDIR "/%s", name);
>> does not do what you want.
>
On Wed, May 23, 2012 at 11:32:24PM -0700, Chad Versace wrote:
> If the MODULEDIR string contains '%', then
> snprintf(path, sizeof(path), MODULEDIR "/%s", name);
> does not do what you want.
Heh, 'buggy' is a little harsh... the format string issue is only a
vulnerability if it's a (runtime) u
Oh, that's very simple. Why didn't I think of that?
v2 coming soon.
On 05/23/2012 11:36 PM, Dima Ryazanov wrote:
> Wouldn't this be simpler?
>
> snprintf(path, sizeof path, "%s/%s", MODULEDIR, name);
>
> On Wed, May 23, 2012 at 11:32 PM, Chad Versa
Wouldn't this be simpler?
snprintf(path, sizeof path, "%s/%s", MODULEDIR, name);
On Wed, May 23, 2012 at 11:32 PM, Chad Versace wrote:
> If the MODULEDIR string contains '%', then
> snprintf(path, sizeof(path), MODULEDIR "/%s", name);
> does not do what you want.
>
> Fix this by replacing sn
If the MODULEDIR string contains '%', then
snprintf(path, sizeof(path), MODULEDIR "/%s", name);
does not do what you want.
Fix this by replacing snprintf with strncpy followed by strncat.
Signed-off-by: Chad Versace
---
src/compositor.c |8 +---
1 file changed, 5 insertions(+), 3 del
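
The difference between the two snprintf forms discussed in this thread, as an added example that is not code from the patch or from any participant. `DEMO_MODULEDIR`, the function names and the `build_module_path` helper are hypothetical, and the directory value is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed directory whose name contains the two characters "%%".
 * A doubled '%' keeps the format-string variant well defined; a lone '%'
 * would start a conversion with no matching argument (undefined behaviour). */
#define DEMO_MODULEDIR "/opt/100%%/modules"

/* Pattern quoted at the top of the thread: the macro is pasted into the
 * format string, so snprintf interprets every '%' inside the directory. */
static int path_dir_in_format(char *path, size_t size, const char *name)
{
	return snprintf(path, size, DEMO_MODULEDIR "/%s", name);
}

/* Pattern from the reply: the directory is passed as data to "%s". */
static int path_dir_as_argument(char *path, size_t size, const char *name)
{
	return snprintf(path, size, "%s/%s", DEMO_MODULEDIR, name);
}

/* Hypothetical helper: same call, but reports truncation to the caller.
 * Returns 0 on success, -1 on error or if the path did not fit. */
static int build_module_path(char *path, size_t size,
			     const char *dir, const char *name)
{
	int n = snprintf(path, size, "%s/%s", dir, name);
	return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
	char a[64], b[64], tiny[8];

	path_dir_in_format(a, sizeof a, "shell.so");
	path_dir_as_argument(b, sizeof b, "shell.so");
	printf("in format:   %s\n", a);
	printf("as argument: %s\n", b);
	printf("tiny buffer: %d\n",
	       build_module_path(tiny, sizeof tiny, DEMO_MODULEDIR, "shell.so"));
	return 0;
}
```

With the directory inside the format string the resulting path silently names a different directory; with the directory passed as an argument the bytes are copied unchanged.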