external/cde
1
0
Fork 0
mirror of git://git.code.sf.net/p/cdesktopenv/code synced 2025-02-13 11:42:21 +00:00
Code Issues Releases Wiki Activity

dtaction: Fix unsafe use of sprintf

Browse source 
Patch from Robert Tomsick <robert+cde@tomsick.net>:

I believe this fixes vulnerability #3 from CERT CA-1999-11.[1]  The other
uses of sprintf in DtAction seem to be safe.

[1] https://www.cert.org/advisories/CA-1999-11.html
This commit is contained in:
Jon Trulson 2012-08-08 20:17:17 -06:00
parent 4ac42dd84f
commit 70e1c5a55a
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
cde/programs/dtaction/Main.c
View file

@ -898,8 +898,8 @@ GetUserPrompt( void )
XmString cancelLabel; XmString cancelLabel;
XmString okLabel; XmString okLabel;
sprintf(prompt, (GETMESSAGE(1,5, "Enter password for user %s:")), snprintf(prompt, BUFSIZ, (GETMESSAGE(1,5, "Enter password for user %s:")),
appArgs.user); appArgs.user);
xmString = XmStringCreateLocalized(prompt); xmString = XmStringCreateLocalized(prompt);
xmString2 =XmStringCreateLocalized(GETMESSAGE(1,6, "Action Invoker - Password")); xmString2 =XmStringCreateLocalized(GETMESSAGE(1,6, "Action Invoker - Password"));
cancelLabel = XmStringCreateLocalized(GETMESSAGE(1,7, "Cancel")); cancelLabel = XmStringCreateLocalized(GETMESSAGE(1,7, "Cancel"));