Hi,

I work in information flow analysis of programs and my analysis gave a possible warning with respect to a format string vulnerability in ayttm.

Function "http_connect" populates "debug_buff" through "inputline". "inputline" is populated through an external "recv" command. "debugf" is passed directly to printf without a format string.


Code: (in http_connect)

//Populates inputline through recv call
ay_recv_line(sockfd, &inputline);

//Moves inputline to debug_buff
snprintf(debug_buff, sizeof(debug_buff), "<%s\n", inputline);

//Passes to debug_print a.k.a printf
debug_print(debug_buff);

Our analysis flagged this behavior. 

However, we are not sure whether ayttm developers are aware of this behaviour. This might very well be a false positive. We just wanted to confirm our analysis.

Any response in this regard will be appreciated.

Thanks

Regards,
Kapil
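
The call-site change that closes the flagged flow, as an added example (not code from ayttm or from the report above). It assumes debug_print treats its first argument as a printf-style format, as the report describes; debug_print_to, log_received_line and contains_conversion are hypothetical names, and the sample line is constructed.

```c
#include <stdio.h>
#include <stdarg.h>
#include <string.h>

/* Hypothetical stand-in for debug_print: assumed to use its first argument
 * as a printf-style format. It writes into `out` so the result can be
 * inspected instead of going to stdout. */
static int debug_print_to(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Hardened call site: the format is a constant and the received line is
 * passed only as data, so any '%' it contains is copied literally. */
int log_received_line(char *out, size_t n, const char *inputline)
{
    return debug_print_to(out, n, "<%s\n", inputline);
}

/* Review aid: returns 1 if `buf` would start a conversion when used as a
 * format string (a '%' that is not part of "%%"), 0 otherwise. */
int contains_conversion(const char *buf)
{
    for (const char *p = buf; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed line standing in for data returned by ay_recv_line. */
    const char *inputline = "HTTP/1.0 200 %x%x OK";
    char out[128];

    log_received_line(out, sizeof out, inputline);
    fputs(out, stdout);
    printf("would be parsed as format: %d\n", contains_conversion(inputline));
    return 0;
}
```

Building with -Wformat-security makes GCC and Clang warn about printf-family calls whose format is not a string literal and that pass no further arguments.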