Use helper to validate printf formats.

Simgear contains a new helper to validate format strings for potentially dangerous replacements, use it to fix the issues raised by Debian bug trackers.
2013-09-15 19:17:38 +01:00 · 2013-09-15 19:17:38 +01:00 · fda64d840e
commit fda64d840e
parent 9a7e32d4a9
2 changed files with 16 additions and 8 deletions
--- a/src/Cockpit/panel.cxx
+++ b/src/Cockpit/panel.cxx
@ -52,6 +52,7 @@
 #include <boost/foreach.hpp>
 #include <simgear/debug/logstream.hxx>
 #include <simgear/misc/sg_path.hxx>
+#include <simgear/misc/strutils.hxx>
 #include <simgear/scene/model/model.hxx>
 #include <osg/GLU>

@ -1171,7 +1172,8 @@ FGTextLayer::recalc_value () const
 ////////////////////////////////////////////////////////////////////////

 FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
-  : _type(FGTextLayer::TEXT), _fmt(fmt)
+    : _type(FGTextLayer::TEXT),
+    _fmt(simgear::strutils::sanitizePrintfFormat(fmt))
 {
  _text = text;
  if (_fmt.empty()) 
@ -1181,7 +1183,11 @@ FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
 FGTextLayer::Chunk::Chunk (ChunkType type, const SGPropertyNode * node,
                           const std::string &fmt, float mult, float offs,
                           bool truncation)
-  : _type(type), _fmt(fmt), _mult(mult), _offs(offs), _trunc(truncation)
+: _type(type),
+    _fmt(simgear::strutils::sanitizePrintfFormat(fmt)),
+    _mult(mult),
+    _offs(offs),
+    _trunc(truncation)
 {
  if (_fmt.empty()) {
    if (type == TEXT_VALUE)
--- a/src/Network/generic.cxx
+++ b/src/Network/generic.cxx
@ -219,39 +219,41 @@ bool FGGeneric::gen_message_ascii() {
        if (i > 0) {
            generic_sentence += var_separator;
        }
+        
+        string format = simgear::strutils::sanitizePrintfFormat(_out_message[i].format);

        switch (_out_message[i].type) {
        case FG_INT:
            val = _out_message[i].offset +
                  _out_message[i].prop->getIntValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (int)val);
+            snprintf(tmp, 255, format.c_str(), (int)val);
            break;

        case FG_BOOL:
-            snprintf(tmp, 255, _out_message[i].format.c_str(),
+            snprintf(tmp, 255, format.c_str(),
                               _out_message[i].prop->getBoolValue());
            break;

        case FG_FIXED:
            val = _out_message[i].offset +
                _out_message[i].prop->getFloatValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val);
+            snprintf(tmp, 255, format.c_str(), (float)val);
            break;

        case FG_FLOAT:
            val = _out_message[i].offset +
                _out_message[i].prop->getFloatValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val);
+            snprintf(tmp, 255, format.c_str(), (float)val);
            break;

        case FG_DOUBLE:
            val = _out_message[i].offset +
                _out_message[i].prop->getDoubleValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (double)val);
+            snprintf(tmp, 255, format.c_str(), (double)val);
            break;

        default: // SG_STRING
-            snprintf(tmp, 255, _out_message[i].format.c_str(),
+            snprintf(tmp, 255, format.c_str(),
                                   _out_message[i].prop->getStringValue());
        }