Red Hat Bugzilla – Bug 151118
grubby wrongly expands C format strings in grub.conf due to unsafe printf
Last modified: 2007-11-30 17:11:01 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20050221 Firefox/1.0 (Ubuntu) (Ubuntu package 1.0+dfsg.1-6ubuntu1)
Description of problem:
I have a line in /boot/grub/grub.conf that specifies terminfo grub
should use (the purpose is to have fancy colors on the serial console):
terminfo --name=linux --cursor-address=\E[%i%p1%d;%p2%dH \
--clear-screen=\E[H\E[J --enter-standout-mode=\e[33;44;1m \
After running "make install" in the kernel directory, the expression
after cursor-address is mangled:
terminfo --name=linux \
This happens because grubby uses printf without an explicit format,
assuming that there are no C formatting directived in grub.conf. Not
only is it wrong, but it might crash grubby in some cases.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add line containing "# %s" in /boot/grub/grub.conf
2. Install a kernel from sources by running "make install".
3. See /boot/grub/grub.conf
Actual Results: The line becomes "# (null)"
Expected Results: The line should remain "# %s"
Created attachment 112002 [details]
Fix for the bug
The patch fixed all occurrences of *printf with variable format argument.
Fixed in rawhide, thanks for the patch.