> - send_to_char(d->character, buf1);
> + send_to_char(d->character, "%s", buf1);
> else
> - send_to_char(d->character, buf2);
> + send_to_char(d->character, "%s", buf2);
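Review bot: Both replaced calls (the buf1 branch and the buf2 branch after the else) are corrected one call site at a time, so nothing prevents another caller from passing a buffer as the second argument of send_to_char again. Consider pairing this change with a printf format attribute on the send_to_char prototype, so the compiler checks every caller rather than only these two.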
ack.. this is bad...
This is called a "format string error" and as you noted can be
used to crash things, but there are more serious implications to
having these errors around.. anyone running a mud server that
may have these sorts of errors around _should_ be slightly
concerned as to the security implications.
I don't use pl21, so I don't have a copy handy... however,
if someone who is using GCC 3.x would add:
    __attribute__ ((format (printf, 2, 3)))
to their prototype declaration of send_to_char in the .h file
(it goes after the function declaration but before the semicolon)
and add the compiler options: -Wformat -Wformat-nonliteral
then similar errors should be flagged as warnings.
-Mysid
--
+---------------------------------------------------------------+
| FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
| Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
| Newbie List: http://groups.yahoo.com/group/circle-newbies/ |
+---------------------------------------------------------------+
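The prototype annotation suggested in the message above, as an added example that is not part of the original post or of the CircleMUD source. `struct char_data` is a simplified stand-in, and `demo`, `player_text` and the `SHOW_WARNING` macro are hypothetical names; building with `-Wformat -Wformat-nonliteral -DSHOW_WARNING` makes GCC flag the pre-patch call, while the default build contains only the patched call.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the MUD's character record (assumption). */
struct char_data { char out[256]; size_t used; };

/* Argument 2 is the printf-style format; its arguments start at 3.
 * The attribute goes after the declarator, before the semicolon. */
size_t send_to_char(struct char_data *ch, const char *fmt, ...)
    __attribute__ ((format (printf, 2, 3)));

size_t send_to_char(struct char_data *ch, const char *fmt, ...)
{
    va_list ap;
    size_t room = sizeof(ch->out) - ch->used; /* >= 1 for a zeroed record */
    int n;

    va_start(ap, fmt);
    n = vsnprintf(ch->out + ch->used, room, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    if ((size_t)n >= room)
        n = (int)(room - 1);                  /* output was truncated */
    ch->used += (size_t)n;
    return (size_t)n;
}

/* Constructed sample of player-supplied text with conversion specifiers. */
static const char player_text[] = "100%s sure %x %n";

size_t demo(struct char_data *ch)
{
#ifdef SHOW_WARNING
    /* Pre-patch form: the buffer itself is the format string.
     * -Wformat-nonliteral warns here; do not run this build. */
    char buf1[64];
    strcpy(buf1, player_text);
    return send_to_char(ch, buf1);
#else
    /* Patched form: constant format, player text is only data. */
    return send_to_char(ch, "%s", player_text);
#endif
}

int main(void)
{
    struct char_data ch = { {0}, 0 };
    demo(&ch);
    return puts(ch.out) < 0;
}
```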
This archive was generated by hypermail 2b30 : 06/25/03 PDT