View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004200 | unreal | ircd | public | 2013-05-19 11:00 | 2013-05-19 16:47 |
Reporter | falconkirtaran | Assigned To | |
Priority | immediate | Severity | tweak | Reproducibility | N/A |
Status | resolved | Resolution | fixed |
Product Version | 3.4-alpha1 |
Fixed in Version | 3.4-alpha1 |
Summary | 0004200: Fix possible format string injection in ping code in ircd.c |
Description | The REPORT_FAIL_DNS and REPORT_FAIL_ID strings, which are dynamic, are used as format string parameters in ircd.c. They contain no format specifiers. Added a format string wrapper to prevent format string injection. |
Tags | No tags attached. |
Attached Files | |
3rd party modules | |
related to | 0004188 | closed | Unreal 3.4 alpha1 blockers |

http://hg.unrealircd.org/hg/unreal/rev/2d06381e6935

Just for the record, there's no risk of format string injection here (just trace it upstream if you don't believe me). Patch perfectly fine, nonetheless :p.

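The wrapper pattern named in the description, where a dynamic string is passed as data to a constant `"%s"` format instead of being used as the format itself, as an added example that is not UnrealIRCd's code. The names `count_directives` and `format_notice` and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Count printf conversion directives in s; "%%" is a literal percent sign.
 * Useful as a load-time audit of strings that come from configuration. */
size_t count_directives(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;        /* escaped percent: skip the pair */
        else
            n++;        /* printf would interpret this one */
    }
    return n;
}

/* Wrapped form: msg is data for a constant "%s" format, never the format.
 * The unwrapped form would be snprintf(out, len, msg).
 * Returns the length written, or -1 on error or truncation. */
int format_notice(char *out, size_t len, const char *msg)
{
    int n = snprintf(out, len, "%s", msg);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    /* Constructed sample values, not UnrealIRCd's real notice strings. */
    const char *samples[] = {
        "*** Could not resolve your hostname",
        "*** lookup failed %s%n (100%% literal)",
    };
    char buf[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = format_notice(buf, sizeof buf, samples[i]);
        printf("directives=%zu len=%d out=\"%s\"\n",
               count_directives(samples[i]), n, buf);
    }
    return 0;
}
```

With the wrapper in place the second sample is copied out byte for byte, while the audit function still reports that it carries two directives.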
Date Modified | Username | Field | Change |
---|---|---|---|
2013-05-19 11:00 | falconkirtaran | New Issue | |
2013-05-19 11:00 | falconkirtaran | File Added: 4200_format_string_vuln.diff | |
2013-05-19 12:32 | | Note Added: 0017595 | |
2013-05-19 12:32 | | Status | new => resolved |
2013-05-19 12:32 | | Fixed in Version | => 3.4-alpha1 |
2013-05-19 12:32 | | Resolution | open => fixed |
2013-05-19 12:32 | | Assigned To | => nenolod |
2013-05-19 12:32 | | Relationship added | related to 0004188 |
2013-05-19 16:47 | syzop | Note Added: 0017599 | |
2013-05-19 16:47 | syzop | Severity | major => tweak |