[X2Go-Commits] [nx-libs] 16/52: CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() from xorg/lib/libXfont http://lists.x.org/archives/xorg-announce/2014-January/002389.html

git-admin at x2go.org
Sat Feb 14 17:47:07 CET 2015


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch 3.6.x
in repository nx-libs.

commit ac6694378e0ed4bdffa6e1318c9d4beda24a6b0e
Author: Mike DePaulo <mikedep333 at gmail.com>
Date:   Sun Feb 8 20:12:25 2015 -0500

    CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() from xorg/lib/libXfont http://lists.x.org/archives/xorg-announce/2014-January/002389.html
    
    Fixes cppcheck warning:
     [lib/libXfont/src/bitmap/bdfread.c:341]: (warning)
      scanf without field width limits can crash with huge input data.
---
 nx-X11/lib/font/bitmap/bdfread.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nx-X11/lib/font/bitmap/bdfread.c b/nx-X11/lib/font/bitmap/bdfread.c
index a6f0c1e..bccabd7 100644
--- a/nx-X11/lib/font/bitmap/bdfread.c
+++ b/nx-X11/lib/font/bitmap/bdfread.c
@@ -344,7 +344,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
 	char        charName[100];
 	int         ignore;
 
-	if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) {
+	if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) {
 	    bdfError("bad character name in BDF file\n");
 	    goto BAILOUT;	/* bottom of function, free and return error */
 	}
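Review bot: The `%99s` width added in the `sscanf` line is correct for `char charName[100]` (99 characters plus the terminating NUL), but the two values are now maintained independently and will silently diverge if the array is ever resized; consider a comment on the `charName[100]` declaration pointing at the format string, or deriving both from one constant. It is also worth stating in the commit message that an over-long name is now truncated rather than rejected: `sscanf` still returns 1 for a truncated match, so the `!= 1` check and the `bdfError` path are not reached for such input.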

--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git