Bug #907791

Scorelog reading vulnerability

Added by Marko Lindqvist over 1 year ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Category: Server
Sprint/Milestone:
Start date:
Due date:
% Done: 0%
Estimated time:

Description

<louis94> CodeFactor found a CWE-120 CWE-20 buffer overflow at https://github.com/freeciv/freeciv/blob/master/server/report.c#L1185
<louis94> Allows writing arbitrary values to the stack

    if (3 != sscanf(line + strlen("addplayer "), "%d %d %s",
                    &turn, &plr_no, plr_name)) {

History

#1 Updated by Marko Lindqvist over 1 year ago

I don't know if this patch makes the CodeFactor warning go away (does it understand how the length of 'line' is guarded), but it fixes the vulnerability of the string looking like a player name potentially being longer than fits into the target buffer.
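The bounded form of the parse discussed in this report, as an added example that is not freeciv's code and not the patch attached to the ticket. The capacity `PLR_NAME_CAP`, the struct `addplayer_rec` and the function `parse_addplayer` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PLR_NAME_CAP 15 /* assumed capacity for this example, not freeciv's */
#define STR2(x) #x
#define STR(x) STR2(x)

struct addplayer_rec {
  int turn;
  int plr_no;
  char plr_name[PLR_NAME_CAP + 1];
};

/* Parse "addplayer <turn> <plr_no> <name>".
 * Returns 0 on success, -1 if malformed, -2 if the name exceeds the buffer. */
int parse_addplayer(const char *line, struct addplayer_rec *out)
{
  static const char prefix[] = "addplayer ";
  const char *args;
  int consumed = 0;

  if (strncmp(line, prefix, sizeof(prefix) - 1) != 0) {
    return -1;
  }
  args = line + sizeof(prefix) - 1;
  /* A bare "%s" stores every non-space byte of the token, however long.
   * The width makes sscanf store at most PLR_NAME_CAP bytes plus the NUL. */
  if (3 != sscanf(args, "%d %d %" STR(PLR_NAME_CAP) "s%n",
                  &out->turn, &out->plr_no, out->plr_name, &consumed)) {
    return -1;
  }
  /* If the width cut the token short, the next byte is still part of it. */
  if (args[consumed] != '\0' && !isspace((unsigned char)args[consumed])) {
    return -2;
  }
  return 0;
}

int main(void)
{
  /* Constructed sample lines, not taken from a real score log. */
  struct addplayer_rec r;
  printf("%d\n", parse_addplayer("addplayer 3 1 Caesar\n", &r));
  printf("%d\n", parse_addplayer("addplayer 3 1 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", &r));
  return 0;
}
```

Rejecting the over-long token instead of silently truncating it keeps a damaged or hostile score log from being loaded with a name that differs from the one on disk.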

#2 Updated by Marko Lindqvist over 1 year ago

  • Private changed from Yes to No

#3 Updated by Marko Lindqvist over 1 year ago

  • Status changed from Resolved to Closed
  • Assignee set to Marko Lindqvist
