From: SourceForge.net <no...@so...> - 2011-10-04 00:55:10
Bugs item #2792371, was opened at 2009-05-15 09:42
Message generated for change (Settings changed) made by rich_sposato
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=396644&aid=2792371&group_id=29557

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: None
Group: None
Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Etienne PIERRE (etiennepierre)
Assigned to: Richard Sposato (rich_sposato)
Summary: Bug in SafeFormat when providing extra arguments

Initial Comment:
This bug is related to number 2694060. When you provide extra arguments, there may be a security problem. There are 3 cases when you give an argument:
- it can be a float, in which case we go in the assert(*fmt == '%') (line 351 in version 0.1.7)
- it can be an integer, in which case it will read past the % character
- it can be a string, in which case we are saved by the test if (fmt != 's') (line 206 in version 0.1.7)
I've attached a patch that, for each of these functions, tests whether *format_ is \0, in which case it sets result_ to -1 and returns.
Thanks for all the work on this really fun library.

----------------------------------------------------------------------

Comment By: Richard Sposato (rich_sposato)
Date: 2011-10-03 17:52

Message:
Fixed in revision 1135. Added check for end of format string. SafeFormat now throws exception if end of format encountered. Added test for this bug in revision 1136. Thank you, Etienne!

----------------------------------------------------------------------
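Added illustration, not code from the bug report or from Loki's SafeFormat: a hypothetical miniature formatter (MiniFormat) that shows the end-of-format check the patch describes. When an argument arrives after the last directive has been consumed, the check sets result_ to -1 and returns instead of walking past the terminating NUL of the format string.

```cpp
#include <cstdio>
#include <string>

// Hypothetical stand-in for a SafeFormat-style formatter (not Loki's code).
// Arguments are fed one at a time with operator(); result_ is the number of
// characters produced, or -1 once any error has occurred.
class MiniFormat {
public:
    explicit MiniFormat(const char* fmt) : format_(fmt), result_(0) { emitLiteral(); }

    MiniFormat& operator()(int v) {
        if (!beginSpec('d')) return *this;
        out_ += std::to_string(v);
        return done();
    }
    MiniFormat& operator()(double v) {
        if (!beginSpec('f')) return *this;
        char buf[64];
        std::snprintf(buf, sizeof buf, "%f", v);
        out_ += buf;
        return done();
    }
    MiniFormat& operator()(const char* s) {
        if (!beginSpec('s')) return *this;
        out_ += s;
        return done();
    }
    int result() const { return result_; }
    const std::string& str() const { return out_; }

private:
    // Copy literal text up to the next '%' or the end of the format string.
    void emitLiteral() {
        while (*format_ != '\0' && *format_ != '%') out_ += *format_++;
    }
    // The check from the bug report: an argument was supplied but no directive
    // remains. Without the '\0' test the walker would step past the end of the
    // format string; here it records the failure and stops consuming input.
    bool beginSpec(char expected) {
        if (result_ < 0) return false;                              // stay failed
        if (*format_ == '\0') { result_ = -1; return false; }       // extra argument
        ++format_;                                                  // skip '%'
        if (*format_ != expected) { result_ = -1; return false; }   // type mismatch
        ++format_;                                                  // consume directive
        return true;
    }
    MiniFormat& done() { emitLiteral(); result_ = static_cast<int>(out_.size()); return *this; }

    const char* format_;
    std::string out_;
    int result_;
};
```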