Opened 9 years ago

Closed 9 years ago

#713 closed defect (fixed)

bb egg may error out with format security issue

Reported by: Jim Ursetto Owned by: felix winkelmann
Priority: major Milestone:
Component: extensions Version:
Keywords: bb egg security Cc: felix winkelmann
Estimated difficulty:

Description

As found at http://parenteses.org/mario/misc/salmonella-2011-10-13/install/bb.html

newer gcc detects a format string security problem -- essentially the result of doing printf(foo); instead of printf("%s", foo).

Attached patch should fix problem. It is untested. Keeping this assigned to myself until I can test the patch works as intended.

Attachments (1)

bb-fmt-sec.diff (856 bytes) - added by Jim Ursetto 9 years ago.

Download all attachments as: .zip

Change History (3)

Changed 9 years ago by Jim Ursetto

Attachment: bb-fmt-sec.diff added

comment:1 Changed 9 years ago by Jim Ursetto

Owner: changed from Jim Ursetto to felix winkelmann
Status: newassigned

Patch is good. I tested it with:

(bb:message "Hi %d")
(bb:message 'message "Hi %d")
(bb:message 'alert "Hi %d")
(bb:message 'ask "Hi %d")
(bb:message 'choice "Word? %d" "foo" "bar" "baz")
(bb:get-input "Enter a string %d:" "Default value")

and on the old version you'll get a garbage number displayed, on the new one you get a literal %d.

Patch also fixes use of fl_ask where fl_choice was meant.

Feel free to apply if looks okay, or I will be happy to apply myself.

comment:2 Changed 9 years ago by felix winkelmann

Resolution: fixed
Status: assignedclosed

Thanks - tagged a new version, 1.30.

Note: See TracTickets for help on using tickets.