Re: [Libreoffice] [PATCH] security issue: using an un-sanitized string as format of a fprintf

Cédric Bosdonnat <cedric.bosdonnat.ooo -AT- free.fr>

Mon, 04 Oct 2010 10:19:51 +0200

Hi Norbert, On Sun, 2010-10-03 at 02:02 -0500, Norbert Thiebaud wrote:

security issue: using an un-sanitized string as format of a fprintf

the argument of fprintf, from aSrsName, come from a command line.
It can contain %s or any other kind of formatting instruction that
could be use to do evil things at run-time

Pushed the patch ins libs-gui, thanks for it. Regards, -- Cedric

Context

[Libreoffice] [PATCH] security issue: using an un-sanitized string as format of a fprintf · Norbert Thiebaud

Re: [Libreoffice] [PATCH] security issue: using an un-sanitized string as format of a fprintf · Cédric Bosdonnat

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.