author | Norbert Thiebaud <nthiebaud@gmail.com> | 2010-10-03 02:02:04 -0500 |
---|---|---|
committer | Cédric Bosdonnat <cedricbosdo@openoffice.org> | 2010-10-04 10:18:58 +0200 |
commit | 4cd2c0a608eaebe23dddd4ae2d15e548073074df (patch) | |
tree | 8f05b2188939c05a5749bffe9625769b53c1680e /rsc | |
parent | 1d8c4b25cb93439086749a6b51714d7ac1b52149 (diff) |
security issue: using an un-sanitized string as format of a fprintf
security issue: using an un-sanitized string as format of a fprintf
The argument of fprintf, taken from aSrsName, comes from the command line.
It can contain %s or any other kind of formatting instruction that
could be used to do evil things at run-time.
Diffstat (limited to 'rsc')
-rw-r--r-- | rsc/source/prj/start.cxx | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rsc/source/prj/start.cxx b/rsc/source/prj/start.cxx
index a2841dd9765b..8e723a4801d4 100644
--- a/rsc/source/prj/start.cxx
+++ b/rsc/source/prj/start.cxx
@@ -258,7 +258,7 @@ static BOOL CallRsc2( ByteString aRsc2Name,
 #ifdef OS2
 fprintf( fRspFile, "%s\n", aSrsName.GetBuffer() );
 #else
- fprintf( fRspFile, aSrsName.GetBuffer() );
+ fprintf( fRspFile, "%s", aSrsName.GetBuffer() );
 #endif
 pString = pInputList->First(); |
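Review bot: The new `fprintf( fRspFile, "%s", aSrsName.GetBuffer() );` in the `#else` branch closes the format-string hole, but `fputs( aSrsName.GetBuffer(), fRspFile );` would write the same bytes with no format parsing at all, so a later edit to the literal cannot reintroduce the problem. The `#ifdef OS2` branch writes a trailing `\n` and this branch does not; that asymmetry predates the commit and its reason is not visible in the hunk, so a one-line comment such as `// no newline on non-OS2: <reason>` would help the next reader. CallRsc2 starts and ends outside the hunk, so any other `fprintf` calls in it that pass a non-literal format cannot be checked from here. Building with `-Wformat-security` would flag any that remain.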