summaryrefslogtreecommitdiff
path: root/rsc/source
diff options
context:
space:
mode:
authorNorbert Thiebaud <nthiebaud@gmail.com>2010-10-03 02:02:04 -0500
committerC├ędric Bosdonnat <cedricbosdo@openoffice.org>2010-10-04 10:18:58 +0200
commit4cd2c0a608eaebe23dddd4ae2d15e548073074df (patch)
tree8f05b2188939c05a5749bffe9625769b53c1680e /rsc/source
parent1d8c4b25cb93439086749a6b51714d7ac1b52149 (diff)
security issue: using an un-sanitized string as format of a fprintf
security issue: using an un-sanitized string as format of a fprintf the argument of fprintf, from aSrsName, come from a command line. It can contain %s or any other kind of formatting instruction that could be use to do evil things at run-time
Diffstat (limited to 'rsc/source')
-rw-r--r--rsc/source/prj/start.cxx2
1 files changed, 1 insertions, 1 deletions
diff --git a/rsc/source/prj/start.cxx b/rsc/source/prj/start.cxx
index a2841dd9765b..8e723a4801d4 100644
--- a/rsc/source/prj/start.cxx
+++ b/rsc/source/prj/start.cxx
@@ -258,7 +258,7 @@ static BOOL CallRsc2( ByteString aRsc2Name,
#ifdef OS2
fprintf( fRspFile, "%s\n", aSrsName.GetBuffer() );
#else
- fprintf( fRspFile, aSrsName.GetBuffer() );
+ fprintf( fRspFile, "%s", aSrsName.GetBuffer() );
#endif
pString = pInputList->First();