OSSP CVS Repository

ossp - Check-in [2406]

Check-in Number: 2406
Date: 2002-Jul-29 13:39:43 (local)
2002-Jul-29 11:39:43 (UTC)
User: thl
Branch:
Comment: security issue; lib_cfg consideration
Tickets:
Inspections:
Files:
ossp-pkg/lmtp2nntp/00TODO      1.60 -> 1.61     24 inserted, 0 deleted

ossp-pkg/lmtp2nntp/00TODO 1.60 -> 1.61

--- 00TODO       2002/05/28 12:19:47     1.60
+++ 00TODO       2002/07/29 11:39:43     1.61
@@ -75,3 +75,27 @@
     crossposting problem                          -h [Newsgroups:see perl example above and use feature 2.)\n]
     potential to merge post/header modes          -h [Newsgroups:${_EnvelopeRCPT}\n]
 
+
+===================================================================
+RCS file: /e/ossp/cvs/ossp-pkg/fsl/fsl.c,v
+retrieving revision 1.22
+retrieving revision 1.21
+diff -r1.22 -r1.21
+341c341
+<         if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, "%s", argl2spec)) != L2_OK) {
+---
+>         if ((l2rv = l2_spec(&ch, ctx.l2_fslenv, argl2spec)) != L2_OK) {
+513c513
+<                     if ((l2rv = l2_spec(&ch, ctx.l2_env, "%s", argl2spec)) != L2_OK) {
+---
+>                     if ((l2rv = l2_spec(&ch, ctx.l2_env, argl2spec)) != L2_OK) {
+
+Fix a big security hole: the l2_spec() is a varargs function which gets
+a format string and variable arguments. In case only a fixed string is
+used we have to use "%s" as the format string or else "%x" in the string
+is treated like a formatter (and hence cause a segfault or whatever
+else if it tries to fetch args from the stack). This especially also no
+longer requires the formatters to be written %%X...
+
+    consider using lib_cfg for configuration file parsing
+
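
Review bot: the fsl.c diff pasted at the top of the added block runs backwards (`diff -r1.22 -r1.21`), so the `<` lines carrying `"%s"` are the fixed revision 1.22 and the `>` lines are the vulnerable 1.21; read top to bottom, it looks as if the fix removes the `"%s"`. Regenerate it as `-r1.21 -r1.22`, or add a line saying which side is the fix. The entry also never states what lmtp2nntp itself has to do. Add an explicit item to audit this package's own l2_spec() calls for a non-literal string passed in the format position, which is presumably why the fsl fix is recorded in this 00TODO.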
