Skip to content
Snippets Groups Projects
Commit 3290e7b1 authored by deuce's avatar deuce
Browse files

Add security warning if a PRINT string contains %s

parent 16bab0d4
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 4 additions and 0 deletions
src/sbbs3/baja.c
+ 4
0
View file @ 3290e7b1
...@@ -2265,6 +2265,10 @@ void compile(char *src) ...@@ -2265,6 +2265,10 @@ void compile(char *src)
if(!stricmp(p,"PRINT")) { if(!stricmp(p,"PRINT")) {
if(!(*arg)) break; if(!(*arg)) break;
fprintf(out,"%c",CS_PRINT); fprintf(out,"%c",CS_PRINT);
if(strstr(arg,"%s")!=NULL) {
printf("!WARNING: PRINT \"%%s\" is a security hole if STR contains unvalidated input\n");
printf(linestr,src,line,save);
}
writecstr(arg); writecstr(arg);
continue; } continue; }
if(!stricmp(p,"PRINT_LOCAL")) { if(!stricmp(p,"PRINT_LOCAL")) {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment