Hello Antoine!
As part of a security course at university our group has
studied the code of FAPG 0.38. With the help of Splint [1]
we were able to find two security flaws that are still
present in FAPG 0.41.
I have attached a patch to this mail for each flaw.
Would be cool if you could include these patches
in the next FAPG release.
Best regards,
Sebastian
[1] http://www.splint.org/
Signed-off-by: Antoine Jacquet <royale@zerezo.com>
- printf(prefix); /* we must not modify this part */
+ printf("%s", prefix); /* we must not modify this part */
if(*c == '.' && c[1] == '/') { /* remove leading "./" when parsing current directory */
c += 2;
/* maybe there follow many slashes */
if(*c == '.' && c[1] == '/') { /* remove leading "./" when parsing current directory */
c += 2;
/* maybe there follow many slashes */
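Review bot: On the changed printf("%s", prefix) line, fputs(prefix, stdout) would write the prefix with no format parsing at all, so the fix cannot be undone by a later edit that drops the "%s". The comment "we must not modify this part" does not say what must stay unmodified or why; a few words on that would help the next reader. Since this hunk touches a single call, the other printf/fprintf calls in the file are worth checking for non-literal format arguments as well.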
void print_path(const char *path)
{
const char *c = path;
void print_path(const char *path)
{
const char *c = path;
/* skip leading "./" when parsing current directory */
if(*c == '.' && *(c + 1) == '/') {
c += 2;
/* skip leading "./" when parsing current directory */
if(*c == '.' && *(c + 1) == '/') {
c += 2;
pipe = popen(command, "r");
if(pipe == NULL) {
fprintf(stderr, "Warning >> can't open pipe >%s< !\n", command);
pipe = popen(command, "r");
if(pipe == NULL) {
fprintf(stderr, "Warning >> can't open pipe >%s< !\n", command);
return;
}
fgets(buffer, 1020, pipe);
return;
}
fgets(buffer, 1020, pipe);
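Review bot: The fgets(buffer, 1020, pipe) call ignores its return value, so when the command produces no output the code that follows reads whatever buffer held before; test the result against NULL and return, as the popen failure path above does. The literal 1020 is not tied to the declaration of buffer, which lies outside these lines; if buffer is an array, sizeof(buffer) keeps the limit and the storage in step. The matching pclose(pipe) is also not visible here, so confirm it is reached on every path after a successful popen.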