User: Password:
Subscribe / Log in / New account

Format string vulnerabilities

Format string vulnerabilities

Posted Feb 3, 2012 5:30 UTC (Fri) by geofft (subscriber, #59789)
In reply to: Format string vulnerabilities by csd
Parent article: Format string vulnerabilities

But they weren't printing a literal string, they were trying to modify a format string to prepend the name of the program, and call printf again. They did correctly pass the program name to a "%s", they just passed the result of that to another printf-family call, which caused the program name to be interpreted at that point.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds