-----Original Message-----
From: dkim-ops-bounces(_at_)mipassoc(_dot_)org
[mailto:dkim-ops-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Jeff Macdonald
Sent: Tuesday, May 17, 2011 1:48 PM
To: MH Michael Hammer (5304)
Cc: dkim-ops(_at_)mipassoc(_dot_)org
Subject: Re: [dkim-ops] FW: how can use the DKIM the function
Ok, I'll bite.
How can:
log_write(0, LOG_MAIN, (char *)logmsg)
be used to arbitrarily inject code? I understand the concept, but
having % in the logmsg with no parameters to feed it seems harmless to
me.
There was some other macro expansion mechanism in there that was unchecked. It
wasn't a typical printf-style expansion but it did cause file accesses and the
like, meaning user-provided data could cause unauthorized file system
operations. Scary.
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops