Commit | Line | Data |
---|---|---|
e635c9fa PZ |
1 | From: Kees Cook <kees@outflux.net> |
2 | Date: Fri, 4 Apr 2008 06:26:30 +0000 (-0400) | |
3 | Subject: fix for CVE-2008-1658: format string vulnerability in password input | |
4 | X-Git-Url: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commitdiff;h=5bc86a14cc0e356bcf8b5f861674f842869b1be7 | |
5 | ||
6 | fix for CVE-2008-1658: format string vulnerability in password input | |
7 | ||
8 | http://bugs.freedesktop.org/show_bug.cgi?id=15295 | |
9 | --- | |
10 | ||
11 | --- a/configure.in | |
12 | +++ b/configure.in | |
13 | @@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then | |
14 | *) CFLAGS="$CFLAGS -Wsign-compare" ;; | |
15 | esac | |
16 | ||
17 | + case " $CFLAGS " in | |
18 | + *[\ \ ]-Wformat[\ \ ]*) ;; | |
19 | + *) CFLAGS="$CFLAGS -Wformat" ;; | |
20 | + esac | |
21 | + | |
22 | + case " $CFLAGS " in | |
23 | + *[\ \ ]-Wformat-security[\ \ ]*) ;; | |
24 | + *) CFLAGS="$CFLAGS -Wformat-security" ;; | |
25 | + esac | |
26 | + | |
27 | if test "x$enable_ansi" = "xyes"; then | |
28 | case " $CFLAGS " in | |
29 | *[\ \ ]-ansi[\ \ ]*) ;; | |
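Review bot: Both added case blocks enable the checks as warnings only, so a later `fprintf (stream, buf)` with a non-literal format would still compile and could ship again unnoticed in a noisy build log. Since this commit exists to close a format string bug, consider promoting the second flag to an error, e.g. `*) CFLAGS="$CFLAGS -Werror=format-security" ;;`, provided the GCC versions the project supports accept it. The additions appear to sit inside the `if test "x$GCC" = "xyes"` block named in the hunk header, which starts outside the hunk, so builds with other compilers would get no equivalent check.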
30 | --- a/src/polkit-grant/polkit-grant-helper.c | |
31 | +++ b/src/polkit-grant/polkit-grant-helper.c | |
32 | @@ -241,7 +241,7 @@ do_auth (const char *user_to_auth, gbool | |
33 | *empty_conversation = FALSE; | |
34 | ||
35 | /* send to parent */ | |
36 | - fprintf (stdout, buf); | |
37 | + fprintf (stdout, "%s", buf); | |
38 | fflush (stdout); | |
39 | ||
40 | /* read from parent */ | |
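Review bot: With a constant `"%s"` the format machinery is no longer needed on the changed line, and `fputs (buf, stdout);` would send the same bytes with no format string left to get wrong; the same applies to the `child_stdin` write in the next hunk. Neither write checks its own result or that of `fflush`, so a closed pipe to the parent goes unnoticed before the helper moves on to the read that follows. Testing `fflush (stdout)` for `EOF` would let do_auth fail early. do_auth starts and ends outside the hunk, so how it reports errors is not visible here.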
41 | @@ -252,7 +252,7 @@ do_auth (const char *user_to_auth, gbool | |
42 | fprintf (stderr, "received: '%s' from parent; sending to child\n", buf); | |
43 | #endif /* PGH_DEBUG */ | |
44 | /* send to child */ | |
45 | - fprintf (child_stdin, buf); | |
46 | + fprintf (child_stdin, "%s", buf); | |
47 | fflush (child_stdin); | |
48 | } | |
49 |
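Review bot: The PGH_DEBUG line just above the fixed write, `fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);`, prints whatever the parent sent, and going by the commit subject that is presumably the user's password response. A debug build would then put the secret on stderr, where it can end up in session or service logs. I would drop `buf` from that message, for example logging only `strlen (buf)`, and add a comment such as `/* never log buf: it may hold the password */`. The enclosing loop and the declaration of `buf` are outside the hunk.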