| author | Kees Cook <kees@outflux.net> | 2008-04-04 06:26:30 (GMT) |
|---|---|---|
| committer | David Zeuthen <davidz@redhat.com> | 2008-04-04 06:26:30 (GMT) |
| commit | 5bc86a14cc0e356bcf8b5f861674f842869b1be7 (patch) | |
| tree | 481b607489bf5946e8d373e9b1f257c716077530 | |
| parent | 26c3fcb99014dcf1f01c6e9c5a7cb6db3e63b423 (diff) | |
| download | PolicyKit-5bc86a14cc0e356bcf8b5f861674f842869b1be7.zip PolicyKit-5bc86a14cc0e356bcf8b5f861674f842869b1be7.tar.gz PolicyKit-5bc86a14cc0e356bcf8b5f861674f842869b1be7.tar.bz2 | |
fix for CVE-2008-1658: format string vulnerability in password input
http://bugs.freedesktop.org/show_bug.cgi?id=15295
| -rw-r--r-- | configure.in | 10 | ||||
| -rw-r--r-- | src/polkit-grant/polkit-grant-helper.c | 4 |
2 files changed, 12 insertions, 2 deletions
diff --git a/configure.in b/configure.in index 2fdb935..0e6ae9c 100644 --- a/configure.in +++ b/configure.in @@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then *) CFLAGS="$CFLAGS -Wsign-compare" ;; esac + case " $CFLAGS " in + *[\ \ ]-Wformat[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wformat" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wformat-security[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wformat-security" ;; + esac + if test "x$enable_ansi" = "xyes"; then case " $CFLAGS " in *[\ \ ]-ansi[\ \ ]*) ;; diff --git a/src/polkit-grant/polkit-grant-helper.c b/src/polkit-grant/polkit-grant-helper.c index b0f59f8..e141edd 100644 --- a/src/polkit-grant/polkit-grant-helper.c +++ b/src/polkit-grant/polkit-grant-helper.c @@ -241,7 +241,7 @@ do_auth (const char *user_to_auth, gboolean *empty_conversation) *empty_conversation = FALSE; /* send to parent */ - fprintf (stdout, buf); + fprintf (stdout, "%s", buf); fflush (stdout); /* read from parent */ @@ -252,7 +252,7 @@ do_auth (const char *user_to_auth, gboolean *empty_conversation) fprintf (stderr, "received: '%s' from parent; sending to child\n", buf); #endif /* PGH_DEBUG */ /* send to child */ - fprintf (child_stdin, buf); + fprintf (child_stdin, "%s", buf); fflush (child_stdin); } |