Bug #907791
Scorelog reading vulnerability
% Done: 0%
Description
<louis94> CodeFactor found a CWE-120 CWE-20 buffer overflow at https://github.com/freeciv/freeciv/blob/master/server/report.c#L1185
<louis94> Allows writing arbitrary values to the stack
/* "%s" carries no field width, so a token longer than plr_name overruns the buffer */
if (3 != sscanf(line + strlen("addplayer "), "%d %d %s",
                &turn, &plr_no, plr_name)) {
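To make the failure mode and the fix concrete, the following is an added example written for this page; it is not Freeciv's report.c, nor the attached patch. The buffer size (NAME_MAX = 31 characters plus NUL), the struct and function names, and the sample log lines are all constructed for the illustration. It shows the unbounded "%s" pattern from the ticket beside a bounded parser that gives sscanf a field width and then uses "%n" to detect a truncated name rather than silently accepting a clipped one.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical size: the real size of plr_name in report.c is not shown here. */
#define NAME_MAX 31
#define NAME_LEN (NAME_MAX + 1)

/* Stringify NAME_MAX so the sscanf width stays tied to the buffer size. */
#define STR_(x) #x
#define STR(x) STR_(x)

struct addplayer {
    int turn;
    int plr_no;
    char name[NAME_LEN];
};

/* Vulnerable pattern from the ticket: "%s" has no width, so a name token
 * longer than NAME_MAX bytes writes past name[] (undefined behaviour).
 * Kept only for comparison; never fed untrusted input in this example. */
static bool parse_addplayer_unsafe(const char *line, struct addplayer *out)
{
    return 3 == sscanf(line + strlen("addplayer "), "%d %d %s",
                       &out->turn, &out->plr_no, out->name);
}

/* Hardened: the width limits the write to NAME_MAX bytes plus the NUL, and
 * "%n" records how far the scan got. Anything but whitespace left after the
 * name means the token was longer than the buffer, so the line is rejected
 * instead of being accepted with a clipped name. */
static bool parse_addplayer_safe(const char *line, struct addplayer *out)
{
    static const char prefix[] = "addplayer ";
    const char *p;
    int consumed = 0;

    if (strncmp(line, prefix, strlen(prefix)) != 0) {
        return false;
    }
    p = line + strlen(prefix);
    if (3 != sscanf(p, "%d %d %" STR(NAME_MAX) "s%n",
                    &out->turn, &out->plr_no, out->name, &consumed)) {
        return false;
    }
    for (p += consumed; *p != '\0'; p++) {
        if (*p != ' ' && *p != '\t' && *p != '\n' && *p != '\r') {
            return false; /* leftover bytes: the name did not fit */
        }
    }
    return true;
}

/* Constructed sample lines (not from a real scorelog). */
static const char OK_LINE[] = "addplayer 12 3 alice\n";
static const char MAX_LINE[] = "addplayer 7 0 abcdefghijklmnopqrstuvwxyz01234"; /* 31 chars */
static const char OVERLONG_LINE[] =
    "addplayer 12 3 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 40 chars */
static const char BAD_FIELD_LINE[] = "addplayer 12 x bob";

/* Small wrappers so results can be checked without a struct in hand. */
static int demo_accepts(const char *line)
{
    struct addplayer a;
    return parse_addplayer_safe(line, &a) ? 1 : 0;
}

static int demo_name_len(const char *line)
{
    struct addplayer a;
    return parse_addplayer_safe(line, &a) ? (int)strlen(a.name) : -1;
}

int main(void)
{
    struct addplayer a;
    /* The unsafe parser is fine on well-formed input; the danger is only oversize names. */
    if (parse_addplayer_unsafe(OK_LINE, &a)) {
        printf("unsafe parser: turn=%d plr=%d name=%s\n", a.turn, a.plr_no, a.name);
    }
    printf("ok line: %d (name len %d)\n", demo_accepts(OK_LINE), demo_name_len(OK_LINE));
    printf("max-length name: %d\n", demo_accepts(MAX_LINE));
    printf("overlong name rejected: %d\n", demo_accepts(OVERLONG_LINE) == 0);
    printf("bad field rejected: %d\n", demo_accepts(BAD_FIELD_LINE) == 0);
    return 0;
}
```

Note that a width alone already closes the overflow; the "%n" check is the extra step that turns silent truncation into a hard parse failure, which is what you want when the clipped name would otherwise be matched against other players later in the file.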
History
#1
Updated by Marko Lindqvist about 1 month ago
- File 0035-Fix-buffer-overflow-in-reading-score-log-file.patch added
- Status changed from In Progress to Resolved
I don't know if this patch makes the CodeFactor warning go away (does it understand how the length of 'line' is guarded), but it fixes the vulnerability of the string looking like a player name potentially being longer than fits into the target buffer.
#2
Updated by Marko Lindqvist 19 days ago
- Private changed from Yes to No
#3
Updated by Marko Lindqvist 19 days ago
- Status changed from Resolved to Closed
- Assignee set to Marko Lindqvist