33 lines
1.2 KiB
Diff
33 lines
1.2 KiB
Diff
From 609b73ec6941321b157afb236f86c943f959a845 Mon Sep 17 00:00:00 2001
|
|
From: Fabrice Bellet <fabrice@bellet.info>
|
|
Date: Sun, 22 Sep 2013 12:19:18 +0200
|
|
Subject: [PATCH] check to be sure that %n is not being set as format type
|
|
(CVE-2012-2090)
|
|
|
|
---
|
|
src/Environment/fgclouds.cxx | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/src/Environment/fgclouds.cxx b/src/Environment/fgclouds.cxx
|
|
index 043cbb007..a57c529d8 100644
|
|
--- a/src/Environment/fgclouds.cxx
|
|
+++ b/src/Environment/fgclouds.cxx
|
|
@@ -218,6 +218,15 @@ void FGClouds::buildLayer(int iLayer, const string& name, double coverage) {
|
|
double count = acloud->getDoubleValue("count", 1.0);
|
|
tCloudVariety[CloudVarietyCount].count = count;
|
|
int variety = 0;
|
|
+ // It is never safe for cloud_name.c_str to be %n.
|
|
+ string unsafe ("%n");
|
|
+ size_t found;
|
|
+
|
|
+ found=cloud_name.find(unsafe);
|
|
+ if (found!=string::npos) {
|
|
+ SG_LOG(SG_GENERAL, SG_ALERT, "format type contained %n, but this is unsafe , ignore it");
|
|
+ continue;
|
|
+ }
|
|
char variety_name[50];
|
|
do {
|
|
variety++;
|
|
--
|
|
2.48.1
|
|
|