Blame 0001-check-to-be-sure-that-n-is-not-being-set-as-format-t.patch
|
 |
dfbee81 |
From 78d250ca468bcaa1dfb8f658d75ae324467bb9d6 Mon Sep 17 00:00:00 2001
|
|
|
ddf3382 |
From: Fabrice Bellet <fabrice@bellet.info>
|
|
|
dfbee81 |
Date: Sun, 22 Sep 2013 12:19:18 +0200
|
|
|
dfbee81 |
Subject: [PATCH 1/2] check to be sure that %n is not being set as format type
|
|
|
ddf3382 |
(CVE-2012-2090)
|
|
|
ddf3382 |
|
|
|
ddf3382 |
---
|
|
|
dfbee81 |
src/Environment/fgclouds.cxx | 9 +++++++++
|
|
|
dfbee81 |
1 file changed, 9 insertions(+)
|
|
|
ddf3382 |
|
|
|
0c3bbb0 |
diff --git a/src/Environment/fgclouds.cxx b/src/Environment/fgclouds.cxx
|
|
|
dfbee81 |
index 6e77d9b..b17e53a 100644
|
|
|
0c3bbb0 |
--- a/src/Environment/fgclouds.cxx
|
|
|
0c3bbb0 |
+++ b/src/Environment/fgclouds.cxx
|
|
|
dfbee81 |
@@ -214,6 +214,15 @@ void FGClouds::buildLayer(int iLayer, const string& name, double coverage) {
|
|
|
dfbee81 |
double count = acloud->getDoubleValue("count", 1.0);
|
|
|
0c3bbb0 |
tCloudVariety[CloudVarietyCount].count = count;
|
|
|
0c3bbb0 |
int variety = 0;
|
|
|
dfbee81 |
+ // It is never safe for cloud_name.c_str to be %n.
|
|
|
dfbee81 |
+ string unsafe ("%n");
|
|
|
dfbee81 |
+ size_t found;
|
|
|
0c3bbb0 |
+
|
|
|
dfbee81 |
+ found=cloud_name.find(unsafe);
|
|
|
dfbee81 |
+ if (found!=string::npos) {
|
|
|
dfbee81 |
+ SG_LOG(SG_GENERAL, SG_ALERT, "format type contained %n, but this is unsafe , ignore it");
|
|
|
dfbee81 |
+ continue;
|
|
|
dfbee81 |
+ }
|
|
|
0c3bbb0 |
char variety_name[50];
|
|
|
0c3bbb0 |
do {
|
|
|
0c3bbb0 |
variety++;
|
|
|
ddf3382 |
--
|
|
|
dfbee81 |
1.8.3.1
|
|
|
ddf3382 |
|