From: Sebastian Pipping Date: Sat, 21 Jun 2008 00:14:19 +0000 (+0200) Subject: Security flaws in FAPG 0.41 and related patches X-Git-Tag: v0.42~2 X-Git-Url: http://royale.zerezo.com/git/?a=commitdiff_plain;h=7bc9401a06cc6d62d53ac50139743599530f2dd8;p=FAPG Security flaws in FAPG 0.41 and related patches Hello Antoine! As part of a security course at university our group has studied code of FAPG 0.38. With the help of Splint [1] we were able to find two security flaws that are still present in FAPG 0.41. I have attached a patch to this mail for each flaw. Would be cool if you could include these patches in the next FAPG release. Best regards, Sebastian [1] http://www.splint.org/ Signed-off-by: Antoine Jacquet --- diff --git a/fapg.c b/fapg.c index 17b02b8..0c72af8 100644 --- a/fapg.c +++ b/fapg.c @@ -425,7 +425,7 @@ void print_webpath(const char *path) { const char *c = path; - printf(prefix); /* we must not modify this part */ + printf("%s", prefix); /* we must not modify this part */ if(*c == '.' && c[1] == '/') { /* remove leading "./" when parsing current directory */ c += 2; /* maybe there follow many slashes */ @@ -443,7 +443,7 @@ void print_webpath(const char *path) void print_path(const char *path) { const char *c = path; - printf(prefix); + printf("%s", prefix); /* skip leading "./" when parsing current directory */ if(*c == '.' && *(c + 1) == '/') { c += 2; @@ -500,7 +500,6 @@ void reference(const char *title) pipe = popen(command, "r"); if(pipe == NULL) { fprintf(stderr, "Warning >> can't open pipe >%s< !\n", command); - free(command); return; } fgets(buffer, 1020, pipe);