[18999] in bugtraq
Re: m4 format string vulnerability
daemon@ATHENA.MIT.EDU (Jarno Huuskonen)
Sun Feb 4 23:59:20 2001
Message-ID: <20010204102731.A100390@messi.uku.fi>
Date: Sun, 4 Feb 2001 10:27:31 +0200
Reply-To: Jarno Huuskonen <Jarno.Huuskonen@UKU.FI>
From: Jarno Huuskonen <Jarno.Huuskonen@UKU.FI>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010203155430.A3312@kerouac.mg.de>; from bluehell@GMX.NET on Sat, Feb 03, 2001 at 03:54:30PM +0100
On Sat, Feb 03, Mike Gerber wrote:
> confirmed for red hat linux 7.0:
>
> [kerouac:mg:~]m4 -G %x
> m4: 80499d9: Datei oder Verzeichnis nicht gefunden
> [kerouac:mg:~]cat /etc/redhat-release
> Red Hat Linux release 7.0 (Guinness)
> [kerouac:mg:~]rpm -q m4
> m4-1.4.1-3
I don't see this as a big problem, but here's a patch:
--- m4-1.4/src/m4.c.orig Sat Feb 3 23:06:37 2001
+++ m4-1.4/src/m4.c Sat Feb 3 23:07:26 2001
@@ -369,7 +369,7 @@
case 'o':
if (!debug_set_output (optarg))
- error (0, errno, optarg);
+ error (0, errno, "%s", optarg);
break;
case 's':
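Review bot: In case 'o' the diagnostic is still only the bare file name plus the errno text, so the user cannot tell that it was the debug output file that failed to open. While the format argument is being made a literal anyway, consider a descriptive one, for example error (0, errno, "cannot set debug output file %s", optarg); the argument passed to debug_set_output () is the same optarg, so nothing else needs to change. The execution simply falls through to break after the message, which is worth a comment if continuing without the debug file is intended.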
@@ -466,7 +466,7 @@
fp = path_search (argv[optind]);
if (fp == NULL)
{
- error (0, errno, argv[optind]);
+ error (0, errno, "%s", argv[optind]);
continue;
}
else
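Review bot: The fp == NULL branch had the same non-literal format as case 'o', which suggests the pattern may exist at other error () call sites not shown in this patch. The change to error (0, errno, "%s", argv[optind]); is correct, but the submission should state whether the rest of src/ was checked for calls that pass a variable as the third argument. Declaring error () with a printf-style format attribute and building with -Wformat-security would let the compiler flag any remaining ones.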
One thing I noticed: if your system doesn't have mkstemp/tmpfile
m4 comes with its own implementation of tmpfile/mkstemp.
This uses mktemp and open (w/out O_EXCL).
-Jarno
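
An added example, not part of the original post and not m4's own code: a sketch of what a fallback temp-file routine looks like when it creates the file with O_CREAT | O_EXCL instead of mktemp followed by a plain open, as the closing remark describes. The function names, the "XXXXXX" template convention and the scratch paths are assumptions made for illustration; rand() is used only to pick candidate names, since the safety comes from O_EXCL rather than from the name.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical fallback (not m4's code): fill the trailing "XXXXXX" of tmpl
   and create the file atomically. O_EXCL, not the name, provides the safety:
   open() fails with EEXIST if anything, including a symlink, already exists. */
int excl_tmp_open(char *tmpl)
{
    static const char cs[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    size_t len = strlen(tmpl);
    if (len < 6 || strcmp(tmpl + len - 6, "XXXXXX") != 0) {
        errno = EINVAL;
        return -1;
    }
    for (int attempt = 0; attempt < 100; attempt++) {
        for (int i = 0; i < 6; i++)
            tmpl[len - 6 + i] = cs[rand() % (sizeof cs - 1)];
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;          /* success, or an error retrying won't fix */
    }
    errno = EEXIST;
    return -1;
}

/* Returns 1 if O_EXCL refuses a name that already exists as a symlink and
   the link target is never created; dir is a constructed scratch directory. */
int preexisting_symlink_refused(const char *dir)
{
    char link_path[512], target[512];
    struct stat st;
    snprintf(link_path, sizeof link_path, "%s/m4tmp.link", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, link_path) != 0)
        return -1;
    int fd = open(link_path, O_RDWR | O_CREAT | O_EXCL, 0600);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    int untouched = (stat(target, &st) != 0);   /* target must not exist */
    unlink(link_path);
    return refused && untouched;
}

int main(void) { return preexisting_symlink_refused("/tmp") == 1 ? 0 : 1; }
```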