Bug #907791

Scorelog reading vulnerability

Added by Marko Lindqvist 4 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal
Category: Server
Sprint/Milestone:
Start date:
Due date:
% Done: 0%
Estimated time:

Description

<louis94> CodeFactor found a CWE-120 CWE-20 buffer overflow at https://github.com/freeciv/freeciv/blob/master/server/report.c#L1185
<louis94> Allows writing arbitrary values to the stack

if (3 != sscanf(line + strlen("addplayer "), "%d %d %s",
                &turn, &plr_no, plr_name)) {

History

#1 Updated by Marko Lindqvist 4 months ago

I don't know if this patch makes the CodeFactor warning go away (does it understand how the length of 'line' is guarded), but it fixes the vulnerability of the string looking like a player name potentially being longer than fits into the target buffer.
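
A bounded form of the `sscanf` call quoted in the description, as an added example; it is not the freeciv patch and not code from this ticket. The function name `parse_addplayer`, the buffer size `NAME_BUF` and the return codes are assumptions made for illustration, and the sample lines are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 48            /* assumed size, not freeciv's real buffer size */
#define NAME_MAX_CHARS 47      /* field width for %s: NAME_BUF minus the NUL */
#define STR_(x) #x
#define STR(x) STR_(x)
_Static_assert(NAME_MAX_CHARS == NAME_BUF - 1, "width must leave room for NUL");

/* Returns 0 on success, -1 on a malformed line, -2 if the name was too long. */
int parse_addplayer(const char *line, int *turn, int *plr_no,
                    char name[NAME_BUF])
{
  static const char prefix[] = "addplayer ";
  int used = 0;

  if (strncmp(line, prefix, sizeof(prefix) - 1) != 0) {
    return -1;
  }
  line += sizeof(prefix) - 1;

  /* "%47s" stores at most 47 characters plus the terminating NUL, so the
   * write stays inside name[] however long the token in the file is.
   * %n records how much input was consumed; it is not counted in the
   * return value. */
  if (3 != sscanf(line, "%d %d %" STR(NAME_MAX_CHARS) "s%n",
                  turn, plr_no, name, &used)) {
    return -1;
  }

  /* If the token continues past what was consumed, the width cut it
   * short: reject the line instead of accepting a truncated name. */
  if (line[used] != '\0' && !isspace((unsigned char)line[used])) {
    return -2;
  }
  return 0;
}

int main(void)
{
  int turn, plr_no;
  char name[NAME_BUF];
  char longline[256] = "addplayer 3 1 ";   /* constructed overlong input */

  memset(longline + strlen(longline), 'A', 200);
  printf("%d\n", parse_addplayer("addplayer 3 1 Caesar\n", &turn, &plr_no, name));
  printf("%d\n", parse_addplayer(longline, &turn, &plr_no, name));
  return 0;
}
```
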

#2 Updated by Marko Lindqvist 4 months ago

  • Private changed from Yes to No

#3 Updated by Marko Lindqvist 4 months ago

  • Status changed from Resolved to Closed
  • Assignee set to Marko Lindqvist
