udhcpc6 expects string for bootfile-param opt(60)
Bernd Petrovitsch
bernd at petrovitsch.priv.at
Tue Feb 1 20:36:51 UTC 2022
-Hi all!
On 01.02.2022 18:12, Geoff Hanson wrote:
[...]> In most cases, there's no printf directive so this just means it's
> copying the string.
Using some user-provided string as a format-string opens the possibility
ofexploits - since decades ....
> But this would cause problems in the case where the string did contain %'s.
So why just not only use strncpy(), strlcpy(), memcpy() or similar?
Kind regards,
Bernd
More information about the busybox
mailing list