I work in information flow analysis of programs and my analysis gave a possible warning with respect to format string vulnerability in ayttm.
Function "http_connect" populates "debug_buff" through "inputline". "inputline" is populated through an external "recv" command. "debugf" is passed directly to printf without a format string.
Code: (in http_connect)
//Populates inputline through recv call
//Moves inputline to debug_buff
snprintf(debug_buff, sizeof(debug_buff), "<%s\n", inputline);
//Passes to debug_print a.k.a. printf
Our analysis flagged this behavior.
However, we are not sure whether ayttm developers are aware of this behaviour. This might very well be a false positive. We just wanted to confirm our analysis.
Any response in this regard will be appreciated.
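Added example for the flagged path (not ayttm's code): the same snprintf rebuild of a recv()-derived line, a scanner that counts how many printf directives that line would carry if debug_print used it as a format, and the safe debug_print shape. The names check_http_line, debug_print_safe and the sample HTTP lines are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Counts conversion specifications an untrusted string would inject if it
 * were ever used as a printf format. "%%" is a literal percent sign and is
 * not counted; a lone trailing '%' is counted, since printf treats it as a
 * malformed directive (undefined behaviour). */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" -> literal '%' */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Safe shape of debug_print: fixed format, the buffer is only an argument.
 * The flagged shape is printf(buf), where buf itself is the format. */
void debug_print_safe(const char *buf)
{
    printf("%s", buf);
}

/* Mirrors http_connect: inputline came from recv(); debug_buff is built with
 * a fixed format, so this snprintf is fine. The risk is only in what the
 * caller does with debug_buff afterwards. Returns the directive count that
 * debug_buff would carry into a later printf(debug_buff). */
int check_http_line(const char *inputline, char *debug_buff, size_t len)
{
    snprintf(debug_buff, len, "<%s\n", inputline);
    return count_format_directives(debug_buff);
}

int main(void)
{
    /* constructed sample lines, as a remote peer could send them */
    const char *lines[] = { "HTTP/1.0 200 OK", "HTTP/1.0 100%% done",
                            "HTTP/1.0 200 %s%s%s" };
    char debug_buff[128];
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int n = check_http_line(lines[i], debug_buff, sizeof debug_buff);
        printf("%d directive(s) if used as format: ", n);
        debug_print_safe(debug_buff);
    }
    return 0;
}
```

A count above zero for data that reaches printf(debug_buff) means the warning is real; with the fixed-format call it is irrelevant how many directives the line carries.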