[hackers] [sbase][PATCH] printf: handle \0 in %b arguments

From: Evan Gates <evan.gates_AT_gmail.com>
Date: Mon, 24 Oct 2016 08:16:25 -0700

The %b case was using fputs after unescape to print the argument, which
meant that it could not handle nul bytes. Instead, store the length
returned from unescape and use fwrite to properly handle them.
---
 printf.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/printf.c b/printf.c
index 7bf6fe5..4bc645b 100644
--- a/printf.c
+++ b/printf.c
_AT_@ -19,7 +19,7 @@ int
 main(int argc, char *argv[])
 {
 	Rune *rarg;
-	size_t i, j, argi, lastargi, formatlen;
+	size_t i, j, argi, lastargi, formatlen, blen;
 	long long num;
 	double dou;
 	int cooldown = 0, width, precision, ret = 0;
_AT_@ -112,12 +112,12 @@ main(int argc, char *argv[])
 		case 'b':
 			if ((tmp = strstr(arg, "\\c"))) {
 				*tmp = 0;
-				unescape(arg);
-				fputs(arg, stdout);
+				blen = unescape(arg);
+				fwrite(arg, sizeof(*arg), blen, stdout);
 				return 0;
 			}
-			unescape(arg);
-			fputs(arg, stdout);
+			blen = unescape(arg);
+			fwrite(arg, sizeof(*arg), blen, stdout);
 			break;
 		case 'c':
 			unescape(arg);
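Review bot: Neither new `fwrite` call compares its return value with `blen`, and in the `\c` branch the next statement is `return 0;`, so a short or failed write there exits with success and drops whatever status is already stored in `ret`. Whether main's normal exit path flushes and checks stdout is not visible in this hunk, but the early return would bypass it either way. I would record the failure, e.g. `if (fwrite(arg, sizeof(*arg), blen, stdout) != blen) ret = 1;`, and have the `\c` branch leave through the same exit path as the other cases rather than `return 0;`. The `case 'c'` line just below still discards the length `unescape` returns, so the same NUL truncation may remain there; its body continues outside the hunk.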
-- 
2.10.0
Received on Mon Oct 24 2016 - 17:16:25 CEST
