Hiya,
I'm looking through these because... well, I thought it was a good idea
to check that they were valid and had a few spare minutes which I decided
to use on this...
error.c:264 :
xmlGenericError(xmlGenericErrorContext, "error: ");
XML_GET_VAR_STR(msg, str);
xmlGenericError(xmlGenericErrorContext, str);
if (str != NULL)
xmlFree(str);
Should have the third line saying :
xmlGenericError(xmlGenericErrorContext, "%s", str);
because str is the formatted form and may contain %'s from the users
input embedded in the formatted version.
Other parts of this file have similar problems.
[diffs attached as error.diff]
nanoftp.c:759 (and others) have a very similar issue for user names,
passwords, and a few other bits;
[diffs attached as nanoftp/diff]
I couldn't find any similar problems in libxslt.
I couldn't find any problems with the sax->error(context, format...) calls,
either.
Please understand that this was a /really/ quick look through the code for
this problem, so I may have missed some places.
--
Gerph {djf0-.3w6e2w2.226,6q6w2q2,2.3,2m4}
URL: http://www.movspclr.co.uk/
... Eyes to the heavens, screaming at the sky;
Trying to send you messages, but choking on goodbye.
Attachment:
error.diff
Description: Text document
Attachment:
nanoftp.diff
Description: Text document