Format string bug in deluser
Bug #781907 reported by
Emanuel Bronshtein
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
adduser (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: adduser
/usr/sbin/deluser have format string bug .
test case :
root@emanuel-
root@emanuel-
Integer overflow in format string for prtf at /tmp/%999999999
The bug can be found at :
sub fail {
my ($errorcode, $format, @args) = @_;
printf STDERR "$0: $format",@args;
exit $errorcode;
}
fix can be :
printf STDERR "%s: $format",$0,@args;
also same function exist in adduser script .
To post a comment you must log in.