fly/flightgear
1
0
Fork 0
Code Activity

Use helper to validate printf formats.

Browse source 
Simgear contains a new helper to validate format
strings for potentially dangerous replacements, use
it to fix the issues raised by Debian bug trackers.
This commit is contained in:
James Turner 2013-09-15 19:17:38 +01:00
parent 9a7e32d4a9
commit fda64d840e
2 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/Cockpit/panel.cxx
View file

@ -52,6 +52,7 @@
#include <boost/foreach.hpp> #include <boost/foreach.hpp>
#include <simgear/debug/logstream.hxx> #include <simgear/debug/logstream.hxx>
#include <simgear/misc/sg_path.hxx> #include <simgear/misc/sg_path.hxx>
#include <simgear/misc/strutils.hxx>
#include <simgear/scene/model/model.hxx> #include <simgear/scene/model/model.hxx>
#include <osg/GLU> #include <osg/GLU>
@ -1171,7 +1172,8 @@ FGTextLayer::recalc_value () const
//////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////
FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt) FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
: _type(FGTextLayer::TEXT), _fmt(fmt) : _type(FGTextLayer::TEXT),
_fmt(simgear::strutils::sanitizePrintfFormat(fmt))
{ {
_text = text; _text = text;
if (_fmt.empty()) if (_fmt.empty())
@ -1181,7 +1183,11 @@ FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
FGTextLayer::Chunk::Chunk (ChunkType type, const SGPropertyNode * node, FGTextLayer::Chunk::Chunk (ChunkType type, const SGPropertyNode * node,
const std::string &fmt, float mult, float offs, const std::string &fmt, float mult, float offs,
bool truncation) bool truncation)
: _type(type), _fmt(fmt), _mult(mult), _offs(offs), _trunc(truncation) : _type(type),
_fmt(simgear::strutils::sanitizePrintfFormat(fmt)),
_mult(mult),
_offs(offs),
_trunc(truncation)
{ {
if (_fmt.empty()) { if (_fmt.empty()) {
if (type == TEXT_VALUE) if (type == TEXT_VALUE)

14
src/Network/generic.cxx
View file

@ -220,38 +220,40 @@ bool FGGeneric::gen_message_ascii() {
generic_sentence += var_separator; generic_sentence += var_separator;
} }
string format = simgear::strutils::sanitizePrintfFormat(_out_message[i].format);
switch (_out_message[i].type) { switch (_out_message[i].type) {
case FG_INT: case FG_INT:
val = _out_message[i].offset + val = _out_message[i].offset +
_out_message[i].prop->getIntValue() * _out_message[i].factor; _out_message[i].prop->getIntValue() * _out_message[i].factor;
snprintf(tmp, 255, _out_message[i].format.c_str(), (int)val); snprintf(tmp, 255, format.c_str(), (int)val);
break; break;
case FG_BOOL: case FG_BOOL:
snprintf(tmp, 255, _out_message[i].format.c_str(), snprintf(tmp, 255, format.c_str(),
_out_message[i].prop->getBoolValue()); _out_message[i].prop->getBoolValue());
break; break;
case FG_FIXED: case FG_FIXED:
val = _out_message[i].offset + val = _out_message[i].offset +
_out_message[i].prop->getFloatValue() * _out_message[i].factor; _out_message[i].prop->getFloatValue() * _out_message[i].factor;
snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val); snprintf(tmp, 255, format.c_str(), (float)val);
break; break;
case FG_FLOAT: case FG_FLOAT:
val = _out_message[i].offset + val = _out_message[i].offset +
_out_message[i].prop->getFloatValue() * _out_message[i].factor; _out_message[i].prop->getFloatValue() * _out_message[i].factor;
snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val); snprintf(tmp, 255, format.c_str(), (float)val);
break; break;
case FG_DOUBLE: case FG_DOUBLE:
val = _out_message[i].offset + val = _out_message[i].offset +
_out_message[i].prop->getDoubleValue() * _out_message[i].factor; _out_message[i].prop->getDoubleValue() * _out_message[i].factor;
snprintf(tmp, 255, _out_message[i].format.c_str(), (double)val); snprintf(tmp, 255, format.c_str(), (double)val);
break; break;
default: // SG_STRING default: // SG_STRING
snprintf(tmp, 255, _out_message[i].format.c_str(), snprintf(tmp, 255, format.c_str(),
_out_message[i].prop->getStringValue()); _out_message[i].prop->getStringValue());
} }