SN 824: Avaddon Ransonomics

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

I was able to get Windows 11 Pro running.

Yes, it is a while since I have done any C and the %n threw me. Like @Leo and you, I didn’t look properly and mixed %n with \n.

printf always flummoxed me, coming from other languages, where you just concatenated the variables together.

Not just printf, it could also be used elsewhere. But, yes, he should have escaped (sanitised) the string before displaying it (%n would become %%n or \%n, I believe, without going and looking it up, then it would actually display %n instead of actioning it).

I would like to see the code to understand how this mistake could happen. I can’t imagine ever writing code where I would take “user input” (the SSID) and use it as the format string for any call to a string formatter. The format string is virtually always a constant string built into your program.

1 Like

Yes, but to display the SSID, you are pushing a variable, which itself contains additional formatting information, at the display command. I’m guessing it just interprets it as further formatting.

I’m assuming that the un-escaped version has to be stored in the configuration, in order to be able to connect to the access point (if the name was escaped when connecting, it would fail, because it would have a different name due to the escaping), but the internal display routine that shows the list of known wi-fi hotspots doesn’t re-escape the string before displaying it.
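The pattern discussed in this thread, as an added C example that is not part of any post above and is not the affected product's code: the SSID is stored raw, and is either passed as data to a constant format string or has every `%` doubled before it reaches a routine that parses its argument as a format. The names `legacy_show`, `show_ssid` and `escape_percent` are hypothetical, and the sample SSID is constructed.

```c
#include <stdio.h>
#include <string.h>

/* The legacy sink below takes a non-literal format on purpose. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* Hypothetical legacy sink: whatever it is given is parsed as a format
 * string, so '%' sequences in it are acted on rather than displayed. */
static int legacy_show(char *out, size_t outlen, const char *fmt)
{
    return snprintf(out, outlen, fmt);
}

/* Preferred fix: constant format string, the SSID is only ever data. */
static int show_ssid(char *out, size_t outlen, const char *ssid)
{
    return snprintf(out, outlen, "%s", ssid);
}

/* Fallback when the sink cannot be changed: double every '%'.
 * Returns the escaped length, or -1 if it does not fit in out. */
static int escape_percent(char *out, size_t outlen, const char *in)
{
    size_t o = 0;
    if (outlen == 0)
        return -1;
    for (; *in != '\0'; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outlen)          /* keep room for the final NUL */
            return -1;
        if (*in == '%')
            out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    const char *ssid = "Guest%nNet 100%";   /* constructed sample SSID */
    char esc[64], shown[64];

    show_ssid(shown, sizeof shown, ssid);
    printf("as data: %s\n", shown);
    if (escape_percent(esc, sizeof esc, ssid) < 0)
        return 1;
    legacy_show(shown, sizeof shown, esc);  /* only escaped text reaches it */
    printf("escaped: %s -> %s\n", esc, shown);
    return 0;
}
```

The raw SSID is never handed to `legacy_show`; only the escaped copy is, which is why the stored name can stay unescaped for connecting while the display path stays safe.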