[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-dejagnu] BUG: improper format string construction in framework.exp

From: Jacob Bachmeyer
Subject: [Bug-dejagnu] BUG: improper format string construction in framework.exp
Date: Sat, 27 Oct 2018 23:48:08 -0500
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20090807 MultiZilla/ SeaMonkey/1.1.17 Mnenhy/

A message that contains a '%' character will cause Tcl to raise an error at the format in record_test in lib/framework.exp on line 803 as of commit 81651abb04defb181f9c98bfcc55e077dcaea452. This is a "classic" format string vulnerability, except that Tcl catches it and raises an error.


diff --git a/lib/framework.exp b/lib/framework.exp
index 6cb93c5..9dd0b90 100644
--- a/lib/framework.exp
+++ b/lib/framework.exp
@@ -800,7 +800,7 @@ proc record_test { type message args } {

    global multipass_name
    if { $multipass_name != "" } {
-       set message [format "$type: %s: $message" "$multipass_name"]
+       set message [format "$type: %s: %s" "$message" "$multipass_name"]
    } else {
       set message "$type: $message"

-- Jacob

reply via email to

[Prev in Thread] Current Thread [Next in Thread]