d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't call printf with no format string. This is technically a security

Browse Source 
vulnerability and could in principle be used to upload a new kernel from the
bootloader :-)
This commit is contained in:
kris 2000-07-10 06:33:55 +00:00
parent 4fbd5eb539
commit 327ea7ad9f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/boot/common/commands.c
View File

@ -326,7 +326,7 @@ command_echo(int argc, char *argv[])
s = unargv(argc, argv);
if (s != NULL) {
printf(s);
printf("%s", s);
free(s);
}
if (!nl)
@ -378,7 +378,7 @@ command_read(int argc, char *argv[])
name = (argc > 0) ? argv[0]: NULL;
if (prompt != NULL)
printf(prompt);
printf("%s", prompt);
if (timeout >= 0) {
when = time(NULL) + timeout;
while (!ischar())