Bug #907791
closed
Scorelog reading vulnerability
0%
Description
<louis94> CodeFactor found a CWE-120 CWE-20 buffer overflow at https://github.com/freeciv/freeciv/blob/master/server/report.c#L1185
<louis94> Allows writing arbitrary values to the stack
  if (3 != sscanf(line + strlen("addplayer "), "%d %d %s",
                  &turn, &plr_no, plr_name)) {
Updated by Marko Lindqvist over 2 years ago
- File 0035-Fix-buffer-overflow-in-reading-score-log-file.patch added
- Status changed from In Progress to Resolved
I don't know if this patch makes the CodeFactor warning go away (does it understand how the length of 'line' is guarded?), but it fixes the vulnerability of the string looking like a player name potentially being longer than fits into the target buffer.
Updated by Marko Lindqvist about 2 years ago
- Status changed from Resolved to Closed
- Assignee set to Marko Lindqvist
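
An added example, not part of the ticket or of the attached patch (whose contents are not shown on this page): one way to bound the `%s` conversion from the quoted `sscanf` call and reject over-long names instead of silently truncating them. `NAME_BUF`, `NAME_MAX_CHARS`, `parse_addplayer` and the sample lines are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed size for this example; the page does not show how plr_name is
 * declared in report.c. */
#define NAME_BUF 16
#define NAME_MAX_CHARS 15 /* must be a literal so it can go in the format */
#define STR_(x) #x
#define STR(x) STR_(x)
_Static_assert(NAME_MAX_CHARS == NAME_BUF - 1, "width must leave room for NUL");

/* Hypothetical helper: parse "addplayer <turn> <plr_no> <name>".
 * Returns 0 on success, -1 on a malformed line or an over-long name. */
int parse_addplayer(const char *line, int *turn, int *plr_no,
                    char name[NAME_BUF])
{
  static const char prefix[] = "addplayer ";
  const size_t skip = sizeof(prefix) - 1;
  int used = 0;

  if (strncmp(line, prefix, skip) != 0) {
    return -1;
  }
  /* "%15s" stores at most 15 bytes plus the NUL; "%n" records how far
   * sscanf got and does not count toward the return value. */
  if (3 != sscanf(line + skip, "%d %d %" STR(NAME_MAX_CHARS) "s%n",
                  turn, plr_no, name, &used)) {
    return -1;
  }
  /* A non-space byte right after the name means the width cut it short. */
  unsigned char next = (unsigned char)line[skip + used];
  return (next == '\0' || isspace(next)) ? 0 : -1;
}

int main(void)
{
  /* Constructed sample lines, not taken from a real score log. */
  const char *samples[] = { "addplayer 12 3 Caesar\n",
                            "addplayer 12 4 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" };
  for (size_t i = 0; i < 2; i++) {
    int turn, plr_no;
    char name[NAME_BUF];
    int rc = parse_addplayer(samples[i], &turn, &plr_no, name);
    printf("line %zu: %s\n", i, rc == 0 ? name : "rejected");
  }
  return 0;
}
```

The field width counts stored characters only, so it has to be one less than the buffer size; the static assertion keeps the two constants from drifting apart.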