new applet: script
Paul Fox
pgf at brightstareng.com
Wed Feb 27 18:10:46 UTC 2008
> > + execl(shell, strrchr(shell, '/') + 1, shell_arg, cflg, NULL);
> > Theoretically, $SHELL can have no '/'...
> > + bb_perror_msg_and_die(shell);
> > ... but can have '%'!
>
> What can I done with '%' ?
you can break printf. never pass an untrusted string to as
a format string. i think you want:
bb_perror_msg_and_die("%s", shell);
paul
=---------------------
paul fox, pgf at brightstareng.com
More information about the busybox
mailing list