Comment 2 for bug 1580348
Revision history for this message
| Thorsten Glaser (mirabilos) wrote Re: [Bug 1580348] [NEW] mksh 52c bi_errorf(Tbadsubst) format string is not a string literal | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Chih-Hung Hsieh dixit:
>change
> bi_errorf(
>to
> bi_errorf0(
>where bi_errorf0 is declared as
> void bi_errorf0(const char *); // without format check
>and implemented as a weak alias:
> void bi_errorf0(const char *s) __attribute_
For the record: this is both compiler-specific (there’s no direct
use of __attribute__ in the code, and there must not be any use
that can’t be done with other compilers either) and insecure. DO
NOT DO THAT. Those strings are actually format strings and treated
as such.
bye,
//mirabilos
--
(gnutls can also be used, but if you are compiling lynx for your own use,
there is no reason to consider using that package)
-- Thomas E. Dickey on the Lynx mailing list, about OpenSSL