Fix for #1117:

fix another issue similar to CVE-2012-2090 In FGClouds::buildlayer(), prevent passing '%n' to snprintf(). From: Rebecca Palmer
2013-09-14 17:43:24 +01:00 · 2013-09-14 17:43:24 +01:00 · 9457ba024a
commit 9457ba024a
parent dab588c789
1 changed files with 1 additions and 2 deletions
--- a/src/Environment/fgclouds.cxx
+++ b/src/Environment/fgclouds.cxx
@ -214,11 +214,10 @@ void FGClouds::buildLayer(int iLayer, const string& name, double coverage) {
 			double count = acloud->getDoubleValue("count", 1.0);
 			tCloudVariety[CloudVarietyCount].count = count;
 			int variety = 0;
-			cloud_name = cloud_name + "-%d";
 			char variety_name[50];
 			do {
 				variety++;
-				snprintf(variety_name, sizeof(variety_name) - 1, cloud_name.c_str(), variety);
+				snprintf(variety_name, sizeof(variety_name) - 1, "%s-%d", cloud_name.c_str(), variety);
 			} while( box_def_root->getChild(variety_name, 0, false) );

 			totalCount += count;