Changeset 50247 in vbox

Timestamp:

Jan 27, 2014 4:22:59 PM (11 years ago)

Author:

vboxsync

Message:

VBoxLogRelCreate: avoid uncontrolled format string attack. This
function takes pcszLogFile argument that appears to be intended as the
literal file name. Don't pass it as pszFilenameFmt format string to
RTLogCreateEx(). Instead format it with "%s".

File:

: 1 edited

trunk/src/VBox/Main/glue/com.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/Main/glue/com.cpp

-              r48654
+              r50247
                             pcszEnvVarBase, RT_ELEMENTS(s_apszGroups), s_apszGroups, fDestFlags,
                             vboxHeaderFooter, cHistory, uHistoryFileSize, uHistoryFileTime,
+                            pszError, cbError, pcszLogFile);
+                            pszError, cbError,
+                            "%s", pcszLogFile);
     if (RT_SUCCESS(vrc))
+    {

Note: See TracChangeset for help on using the changeset viewer.

Changeset 50247 in vbox

Legend:

trunk/src/VBox/Main/glue/com.cpp

Download in other formats: