On Wed, Dec 03, 2003 at 04:30:38PM +0300, S-Quadra Security Research wrote: > if(gotit) > { > // S-Quadra: here is where format string bug lives > fprintf(output,line); > if(strcmp(line,"-----END PGP PUBLIC KEY BLOCK-----\n")==0) > break; > } This one is indeed a problem. > if(strcmp(line,"-----BEGIN PGP PUBLIC KEY BLOCK-----\n")==0) > { > // S-Quadra: here is where format string bug lives > fprintf(output,line); > gotit=1; > } But this one is not. You can't get to the dangerous fprintf without "line" being verified as safe. David