Репозитории ALT
| S: | 2020.3.17-alt1 |
| 5.1: | 1.9.1-alt3 |
| 4.1: | 1.0.0-alt1.1 |
| 4.0: | 0.3.10-alt1 |
| 3.0: | 0.3.8-alt2 |
Группа :: Система/Библиотеки
Пакет: SimGear
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: simgear-3.2.0-fedora-format.patch
Скачать
Скачать
From 15ed31a1ed2f3ef45a620917dd97f828e4fd33be Mon Sep 17 00:00:00 2001
From: Fabrice Bellet <fabrice@bellet.info>
Date: Sun, 22 Sep 2013 11:56:12 +0200
Subject: [PATCH] check to be sure that %n is not being set as format type
(CVE-2012-2090)
---
simgear/scene/model/SGText.cxx | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/simgear/scene/model/SGText.cxx b/simgear/scene/model/SGText.cxx
index 1da6c57..3093d82 100644
--- a/simgear/scene/model/SGText.cxx
+++ b/simgear/scene/model/SGText.cxx
@@ -68,6 +68,16 @@ void SGText::UpdateCallback::operator()(osg::Node * node, osg::NodeVisitor *nv )
// FIXME:
// hopefully the users never specifies bad formats here
// this should better be something more robust
+ // It is never safe for format.c_str to be %n.
+ string unsafe ("%n");+ size_t found;
+
+ found=format.find(unsafe);
+ if (found!=string::npos) {+ SG_LOG(SG_GENERAL, SG_ALERT, "format type contained %n, but this is unsafe, reverting to %s");
+ format = "%s";
+ }
+
char buf[256];
if( numeric ) {double d = property->getDoubleValue() * scale + offset;
--
1.9.3