
Bug #907791

closed

Scorelog reading vulnerability

Added by Marko Lindqvist over 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Category: Server
% Done: 0%

Description

<louis94> CodeFactor found a CWE-120 CWE-20 buffer overflow at https://github.com/freeciv/freeciv/blob/master/server/report.c#L1185
<louis94> Allows writing arbitrary values to the stack

if (3 != sscanf(line + strlen("addplayer "), "%d %d %s",
&turn, &plr_no, plr_name)) {


Actions #1

Updated by Marko Lindqvist over 2 years ago

I don't know if this patch makes the CodeFactor warning go away (does it understand how the length of 'line' is guarded?), but it fixes the vulnerability of the string looking like a player name potentially being longer than fits into the target buffer.
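The bounded form of the `sscanf()` call discussed in this ticket, as an added example that is not freeciv's code and not the attached patch: a field width on `%s` caps the write, and `%n` lets the caller reject a name that was cut short. The helper `parse_addplayer`, `NAME_BUF` and its 48-byte size are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF   48   /* assumed size for this example, not freeciv's */
#define NAME_WIDTH 47   /* %Ns stores up to N bytes plus the NUL */
#define STR_(x) #x
#define STR(x) STR_(x)
_Static_assert(NAME_WIDTH == NAME_BUF - 1, "width must leave room for NUL");

/* Hypothetical helper: 0 = ok, -1 = malformed, -2 = name too long. */
static int parse_addplayer(const char *line, int *turn, int *plr_no,
                           char name[NAME_BUF])
{
  static const char prefix[] = "addplayer ";
  int used = 0;

  if (strncmp(line, prefix, sizeof(prefix) - 1) != 0) {
    return -1;
  }
  line += sizeof(prefix) - 1;

  /* The width caps the write into name; %n records how many bytes were
   * consumed and is not counted in sscanf's return value. */
  if (3 != sscanf(line, "%d %d %" STR(NAME_WIDTH) "s%n",
                  turn, plr_no, name, &used)) {
    return -1;
  }
  /* A non-space byte right after the token means the width cut it short. */
  if (line[used] != '\0' && !isspace((unsigned char)line[used])) {
    return -2;
  }
  return 0;
}

int main(void)
{
  /* Constructed sample line, not from a real scorelog. */
  char name[NAME_BUF];
  int turn, plr_no;
  int rc = parse_addplayer("addplayer 12 3 Caesar", &turn, &plr_no, name);

  printf("rc=%d turn=%d plr_no=%d name=%s\n", rc, turn, plr_no, name);
  return 0;
}
```

When the helper returns -2, `name` holds only the truncated prefix and should be discarded rather than used.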

Actions #2

Updated by Marko Lindqvist about 2 years ago

  • Private changed from Yes to No
Actions #3

Updated by Marko Lindqvist about 2 years ago

  • Status changed from Resolved to Closed
  • Assignee set to Marko Lindqvist
