On 14.05.2012 23:13, Jonathan Nieder wrote:
> Michael Tokarev wrote:
>
>> That's the constructs like this:
>>
>>   bb_error_msg_and_die(bb_msg_memory_exhausted);
>>
>> where bb_msg_memory_exhausted is declared as extern char *.
>> This is a poor-man implementation of internal constant
>> string folding done by gcc for years.
>
> How about this patch?  It fixes a few bugs, if I understand correctly
> (for example, "stat -Z <string with % signs in it>" passes that string
> to vasprintf, allowing privilege escalation if a privileged script
> uses a user-specified string in that argument).  I fear it would
> increase the text size, though.
>
> A better patch might involve introducing a separate
>
>   bb_error_msgf
>
> function for callers that want to pass a format and letting
> bb_error_msg take a simple string, or turning bb_msg_memory_exhausted
> et al into string literals as you suggested.

I'm not upstream, but I still don't think this is a right approach.
Almost all uses of bb_error_msg and friends are supposed to use
static/constant strings, and introducing additional "%s" is just
unnecessary.  If I were upstream I'd reject this approach.

But if you think it is okay, please ask upstream about this
approach -- I definitely don't want to carry such a patch in
Debian.

The stat -Z case is a real bug however, and should be fixed
separately.  But this is - IMHO - a different story.

Thanks,

/mjt
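
The split suggested in the quoted message (a format-taking function beside one that takes a plain string), as an added C sketch that is not BusyBox code and not part of this thread. The names `error_msgf`, `error_msg` and `count_conversions` are hypothetical, the output goes to a buffer instead of stderr, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the idea in the thread; not BusyBox functions. */

/* Format-taking variant: the attribute lets gcc/clang check the arguments
 * against fmt and warn (-Wformat-security) on a non-literal format. */
__attribute__((format(printf, 3, 4)))
static int error_msgf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Plain-string variant: s is data only and is never parsed as a format. */
static int error_msg(char *out, size_t n, const char *s)
{
    return error_msgf(out, n, "%s", s);
}

/* Count conversion specifiers in s ("%%" is a literal percent sign).
 * A non-zero count on caller-supplied text means it must not be a format. */
static int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;        /* escaped percent, skip both characters */
        else
            count++;    /* a conversion, or a dangling '%' at the end */
    }
    return count;
}

int main(void)
{
    const char *ctx = "user_u:%x:%n";   /* constructed user-supplied argument */
    char buf[64];

    printf("conversions in input: %d\n", count_conversions(ctx));
    error_msg(buf, sizeof(buf), ctx);   /* safe: printed byte for byte */
    printf("message: %s\n", buf);
    return 0;
}
```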