security issue: using an un-sanitized string as format of a fprintf
The argument of fprintf, from aSrsName, comes from the command line.
It can contain %s or any other kind of formatting instruction that
could be used to do evil things at run-time.
diff --git a/rsc/source/prj/start.cxx b/rsc/source/prj/start.cxx
index ecdde6a..832f358 100644
--- a/rsc/source/prj/start.cxx
+++ b/rsc/source/prj/start.cxx
@@ -258,7 +258,7 @@ static BOOL CallRsc2( ByteString aRsc2Name,
#ifdef OS2
fprintf( fRspFile, "%s\n", aSrsName.GetBuffer() );
#else
- fprintf( fRspFile, aSrsName.GetBuffer() );
+ fprintf( fRspFile, "%s", aSrsName.GetBuffer() );
#endif
pString = pInputList->First();
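Review bot: The fix is correct and keeps the output byte-identical for any name without '%', but the two branches are now asymmetric for no visible reason: the OS2 line writes `"%s\n"` while the new non-OS2 line writes `"%s"` with no newline (the old line had none either, so behaviour is preserved). Please confirm whether the response file needs one entry per line or whether aSrsName already carries its newline; if the newline is wanted, both branches collapse to the single OS2 line and the `#ifdef` goes away. As a style point, `fputs( aSrsName.GetBuffer(), fRspFile )` expresses "write this string as data" more directly than a `"%s"` format. Worth grepping the rest of rsc for `fprintf( f..., <non-literal> )` and building with `-Wformat -Wformat-security`, which flags exactly the removed line.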
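To make the difference between the two hunk lines concrete, here is an added C example (not LibreOffice code and not part of the patch; all function names are hypothetical). `write_name_unsafe` and `write_name_safe` stand in for the removed and added `fprintf` calls, `render` captures what each writes to a temporary file, and `has_format_directive` is the kind of pre-check a caller can apply to a command-line value before it reaches any formatting routine. The input string is constructed: `%%` is the only directive whose expansion is fully defined without extra arguments, so it shows the interpretation deterministically.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the two lines of the hunk. Both write an
 * untrusted name (the page's aSrsName, taken from the command line)
 * into a response file. */

/* 'Before': the untrusted string IS the format string. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int write_name_unsafe(FILE *rsp, const char *name)
{
    /* The compiler flags this call (-Wformat-security); the pragma only
     * silences it so the flawed pattern can be shown beside the fix.
     * Any '%' in name is interpreted, not copied. */
    return fprintf(rsp, name);
}
#pragma GCC diagnostic pop

/* 'After': a fixed format, the name is passed purely as data. */
static int write_name_safe(FILE *rsp, const char *name)
{
    return fprintf(rsp, "%s", name);
}

/* Defender-side pre-check: a response-file entry has no business
 * containing '%', so a caller can refuse it rather than let it reach
 * a formatter. Returns 1 if a '%' is present, 0 otherwise. */
static int has_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

/* Run one writer against a temporary file and copy what landed in the
 * file into out (NUL-terminated). Returns the number of bytes captured. */
static size_t render(int (*writer)(FILE *, const char *),
                     const char *name, char *out, size_t cap)
{
    FILE *rsp = tmpfile();
    if (rsp == NULL || cap == 0)
        return 0;
    writer(rsp, name);
    rewind(rsp);
    size_t n = fread(out, 1, cap - 1, rsp);
    out[n] = '\0';
    fclose(rsp);
    return n;
}

int main(void)
{
    /* Constructed input: with the unsafe writer "%%" collapses to a
     * single '%', proving the name was treated as a format; with the
     * safe writer it is copied through unchanged. */
    const char *name = "foo%%bar.srs";
    char out[64];

    render(write_name_unsafe, name, out, sizeof out);
    printf("unsafe : %s\n", out);                        /* foo%bar.srs  */
    render(write_name_safe, name, out, sizeof out);
    printf("safe   : %s\n", out);                        /* foo%%bar.srs */
    printf("flagged: %d\n", has_format_directive(name)); /* 1            */
    return 0;
}
```

The observable difference is deliberately kept to `%%`, which is harmless; the point is that the unsafe path consults the attacker-influenced string for directives at all, which is why the fixed format in the patch (or an equivalent `fputs`) is the right shape, and why `-Wformat-security` is worth enabling so the pattern is caught at compile time.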
- [Libreoffice] [PATCH] security issue: using an un-sanitized string as format of a fprintf · Norbert Thiebaud