debian/cdesktop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dtaction: Fix unsafe use of sprintf

Browse Source 
Patch from Robert Tomsick <robert+cde@tomsick.net>:

I believe this fixes vulnerability #3 from CERT CA-1999-11.[1]  The other
uses of sprintf in DtAction seem to be safe.

[1] https://www.cert.org/advisories/CA-1999-11.html
This commit is contained in:
Jon Trulson
2012-08-08 20:17:17 -06:00
parent 4ac42dd84f
commit 70e1c5a55a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cde/programs/dtaction/Main.c
View File

@@ -898,8 +898,8 @@ GetUserPrompt( void )
XmString cancelLabel;
XmString okLabel;
sprintf(prompt, (GETMESSAGE(1,5, "Enter password for user %s:")),
appArgs.user);
snprintf(prompt, BUFSIZ, (GETMESSAGE(1,5, "Enter password for user %s:")),
appArgs.user);
xmString = XmStringCreateLocalized(prompt);
xmString2 =XmStringCreateLocalized(GETMESSAGE(1,6, "Action Invoker - Password"));
cancelLabel = XmStringCreateLocalized(GETMESSAGE(1,7, "Cancel"));