From 7bc9401a06cc6d62d53ac50139743599530f2dd8 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sat, 21 Jun 2008 02:14:19 +0200 Subject: [PATCH] Security flaws in FAPG 0.41 and related patches Hello Antoine! As part of a security course at university our group has studied code of FAPG 0.38. With the help of Splint [1] we were able to find two security flaws that are still present in FAPG 0.41. I have attached a patch to this mail for each flaw. Would be cool if you could include these patches in the next FAPG release. Best regards, Sebastian [1] http://www.splint.org/ Signed-off-by: Antoine Jacquet --- fapg.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fapg.c b/fapg.c index 17b02b8..0c72af8 100644 --- a/fapg.c +++ b/fapg.c @@ -425,7 +425,7 @@ void print_webpath(const char *path) { const char *c = path; - printf(prefix); /* we must not modify this part */ + printf("%s", prefix); /* we must not modify this part */ if(*c == '.' && c[1] == '/') { /* remove leading "./" when parsing current directory */ c += 2; /* maybe there follow many slashes */ @@ -443,7 +443,7 @@ void print_webpath(const char *path) void print_path(const char *path) { const char *c = path; - printf(prefix); + printf("%s", prefix); /* skip leading "./" when parsing current directory */ if(*c == '.' && *(c + 1) == '/') { c += 2; @@ -500,7 +500,6 @@ void reference(const char *title) pipe = popen(command, "r"); if(pipe == NULL) { fprintf(stderr, "Warning >> can't open pipe >%s< !\n", command); - free(command); return; } fgets(buffer, 1020, pipe); -- 2.20.1