[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: procmail

On Sun, 2003-10-12 at 01:41, aaa aaa wrote:
> Here is simple advisory

>  if(rename(name,buf2))                    /* try and move it out of the way */
>   { syslog(LOG_ALERT,renfbogus,name,buf2);              /* danger!  danger! */
>     return 1;
>   }
>  syslog(LOG_CRIT,renbogus,name,buf2);
>  return 0;

> And we probably don't have control with buf ;( but we have in theory all control
> to do format string bug with use function rnmbogus(). Meybe it is bug?

No. The format parameters are renfbogus and renbogus, not name. They are
both static strings. No bugs there.

> Btw. Procmail have realy FUCKED UP source ;(

Yea, it really is. Once it took me half an hour just to figure out code
execution path to certain location of the code.