Mercurial > dovecot > core-2.2
changeset 21339:8d49b6ed7bab
lib: Fix %n detection in printf_format_fix_noalloc()
It's undefined how flags, precision or length modifiers are handled with %n,
so make sure we catch all of them to detect an unwanted %n.
| author | Timo Sirainen <timo.sirainen@dovecot.fi> |
|---|---|
| date | Tue, 29 Nov 2016 23:29:04 +0200 |
| parents | bc57c62167fc |
| children | 4efaa627264d |
| files | src/lib/printf-format-fix.c src/lib/test-printf-format-fix.c |
| diffstat | 2 files changed, 4 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib/printf-format-fix.c Tue Nov 29 23:21:17 2016 +0200 +++ b/src/lib/printf-format-fix.c Tue Nov 29 23:29:04 2016 +0200 @@ -35,11 +35,14 @@ static const char * printf_format_fix_noalloc(const char *format, size_t *len_r) { + static const char *printf_skip_chars = "# -+'I.*0123456789hlLjzt"; const char *ret, *p, *p2; p = ret = format; while ((p2 = strchr(p, '%')) != NULL) { p = p2+1; + while (*p != '\0' && strchr(printf_skip_chars, *p) != NULL) + p++; switch (*p) { case 'n': i_panic("%%n modifier used");
--- a/src/lib/test-printf-format-fix.c Tue Nov 29 23:21:17 2016 +0200 +++ b/src/lib/test-printf-format-fix.c Tue Nov 29 23:29:04 2016 +0200 @@ -99,6 +99,7 @@ { static const char *fatals[] = { "no no no %n's", + "no no no %-1234567890123n's with extra stuff", "%m allowed once, but not twice: %m", "%m must not obscure a later %n", "definitely can't have a tailing %",