fivedev/harbour-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2010-04-26 11:44 UTC+0200 Przemyslaw Czerpak (druzus/at/priv.onet.pl)

Browse Source 
* harbour/src/common/hbtrace.c
    ! fixed potential GPF/memory corruption due to direct passing formatted
      string as format to syslog() function. Please remember to never create
      code like 'printf( str );' if str can contain printf escape characters
      because it may cause any unpredictable results. Always use
      'printf( "%s", str);' in such context.
      BTW It's one of the most common bug used by hackers in buffer/stack
      overflow attacks, i.e. using str with %n conversion specifier.
    % eliminated unnecessary buffer conversion in *nix builds
This commit is contained in:
Przemyslaw Czerpak
2010-04-26 09:44:13 +00:00
parent 5d726cf305
commit 13989a2521
2 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
harbour/ChangeLog
View File

@@ -17,6 +17,17 @@
past entries belonging to author(s): Viktor Szakats.
*/
2010-04-26 11:44 UTC+0200 Przemyslaw Czerpak (druzus/at/priv.onet.pl)
* harbour/src/common/hbtrace.c
! fixed potential GPF/memory corruption due to direct passing formatted
string as format to syslog() function. Please remember to never create
code like 'printf( str );' if str can contain printf escape characters
because it may cause any unpredictable results. Always use
'printf( "%s", str);' in such context.
BTW It's one of the most common bug used by hackers in buffer/stack
overflow attacks, i.e. using str with %n conversion specifier.
% eliminated unnecessary buffer conversion in *nix builds
2010-04-26 10:35 UTC+0200 Viktor Szakats (harbour.01 syenar.hu)
* INSTALL
+ Added another envvar to the list of unnececessary ones.

14
harbour/src/common/hbtrace.c
View File

@@ -254,16 +254,8 @@ static void hb_tracelog_( int level, const char * file, int line, const char * p
}
# else
{
char psz[ 1024 ];
int slevel;
if( proc )
hb_snprintf( psz, sizeof( psz ), "%s:%d:%s() %s %s",
file, line, proc, pszLevel, message );
else
hb_snprintf( psz, sizeof( psz ), "%s:%d: %s %s",
file, line, pszLevel, message );
switch( level )
{
case HB_TR_ALWAYS: slevel = LOG_ALERT; break;
@@ -275,7 +267,11 @@ static void hb_tracelog_( int level, const char * file, int line, const char * p
default: slevel = LOG_DEBUG;
}
syslog( slevel, psz );
if( proc )
syslog( slevel, "%s:%d:%s() %s %s", file, line, proc,
pszLevel, message );
else
syslog( slevel, "%s:%d: %s %s", file, line, pszLevel, message );
}
# endif
#endif