[ooo-build-commit] .: rsc/source
Cédric Bosdonnat
cbosdo at kemper.freedesktop.org
Mon Oct 4 01:19:10 PDT 2010
rsc/source/prj/start.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit ea4c93ece9ca46710a263d62919817d933a72410
Author: Norbert Thiebaud <nthiebaud at gmail.com>
Date: Sun Oct 3 02:02:04 2010 -0500
security issue: using an un-sanitized string as format of a fprintf
the argument of fprintf, from aSrsName, comes from a command line.
It can contain %s or any other kind of formatting instruction that
could be used to do evil things at run-time
diff --git a/rsc/source/prj/start.cxx b/rsc/source/prj/start.cxx
index ecdde6a..832f358 100644
--- a/rsc/source/prj/start.cxx
+++ b/rsc/source/prj/start.cxx
@@ -258,7 +258,7 @@ static BOOL CallRsc2( ByteString aRsc2Name,
#ifdef OS2
fprintf( fRspFile, "%s\n", aSrsName.GetBuffer() );
#else
- fprintf( fRspFile, aSrsName.GetBuffer() );
+ fprintf( fRspFile, "%s", aSrsName.GetBuffer() );
#endif
pString = pInputList->First();
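Review bot: The new `#else` line writes aSrsName with "%s" and no trailing newline, while the `#ifdef OS2` branch directly above writes "%s\n", and nothing in the hunk says whether that difference is intended. The change keeps the previous non-OS2 output, so it is safe as a minimal fix, but a one-line comment explaining why only OS2 terminates the entry with a newline would stop a later cleanup from "unifying" the two branches by accident. Since no formatting is needed here, `fputs( aSrsName.GetBuffer(), fRspFile );` would drop format parsing entirely for this call. Building with -Wformat-security would flag any remaining fprintf calls that pass a non-literal string as the format.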