windows-printf-format-string-protection-20080108
authorJeffrey Altman <jaltman@secure-endpoints.com>
Tue, 8 Jan 2008 06:27:36 +0000 (06:27 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Tue, 8 Jan 2008 06:27:36 +0000 (06:27 +0000)
commita05df915505ab3e77e46e39a5b232086c43fc8bf
tree64f0187356003d29b06417f1e46f9b14c0a9213b
parentbe4da54fa06c0a6f43c0be09e1339d29cc4b5e5a
windows-printf-format-string-protection-20080108

LICENSE MIT

Do not pass strings generated from incoming network data to ??printf
as the format string.  Instead use a format string of "%s".  This protects
against %? expansions being inserted in the string.
src/WINNT/afsd/smb3.c