Репозитории ALT
| S: | 2020.3.17-alt1 |
| 5.1: | 1.9.1-alt2 |
| 4.1: | 1.0.0-alt1.1 |
| 4.0: | 0.9.10-alt1 |
| 3.0: | 0.9.8-alt2 |
Группа :: Игры/Аркады
Пакет: FlightGear
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: 0001-check-to-be-sure-that-n-is-not-being-set-as-format-t.patch
Скачать
Скачать
From c6083b97dc69c0995c6a63ecb7fe25900a8a2380 Mon Sep 17 00:00:00 2001
From: Fabrice Bellet <fabrice@bellet.info>
Date: Sun, 22 Sep 2013 12:19:18 +0200
Subject: [PATCH] check to be sure that %n is not being set as format type
(CVE-2012-2090)
---
src/Environment/fgclouds.cxx | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/Environment/fgclouds.cxx b/src/Environment/fgclouds.cxx
index 58653e0..c44e7ee 100644
--- a/src/Environment/fgclouds.cxx
+++ b/src/Environment/fgclouds.cxx
@@ -218,6 +218,15 @@ void FGClouds::buildLayer(int iLayer, const string& name, double coverage) { double count = acloud->getDoubleValue("count", 1.0);tCloudVariety[CloudVarietyCount].count = count;
int variety = 0;
+ // It is never safe for cloud_name.c_str to be %n.
+ string unsafe ("%n");+ size_t found;
+
+ found=cloud_name.find(unsafe);
+ if (found!=string::npos) {+ SG_LOG(SG_GENERAL, SG_ALERT, "format type contained %n, but this is unsafe , ignore it");
+ continue;
+ }
char variety_name[50];
do {variety++;
--
2.1.0