This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Fwd: [PATCH] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
- From: Andreas Schwab <schwab at suse dot de>
- To: Alex <alexinbeijing at gmail dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 10 Aug 2015 11:11:48 +0200
- Subject: Re: Fwd: [PATCH] Don't allow attackers to inject arbitrary data into stack through LD_DEBUG
- Authentication-results: sourceware.org; auth=none
- References: <1439153945-22973-1-git-send-email-alexinbeijing at gmail dot com> <87fv3s83td dot fsf at igel dot home> <CACsECNf6dB8cAG4EHpox=tg8=+SbeWTb9J=T4zArLtmdQjqkHQ at mail dot gmail dot com> <CACsECNeWcACbJ50wYcrWL804G9o7T8eZT57oFZWS17jVZ98SxA at mail dot gmail dot com> <mvmzj1zmssr dot fsf at hawking dot suse dot de> <CACsECNcLeZW7WnC1mOM7AssN8xatAAHhEOnPAv9VUnup_cmU=Q at mail dot gmail dot com>
Alex <alexinbeijing@gmail.com> writes:
> Andreas, I'm a bit slow here so please help me out: why is the copy
> needed *even if* printf("%s", ...) is used?
Not "even if", but "because". You need to cut off the string before the
separator.
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."