[OpenSRF-GIT] OpenSRF branch master updated. 974d3a0dd4ddd134033b16bcd9e2fde34302ffd5

Evergreen Git git at git.evergreen-ils.org
Fri Mar 9 23:24:42 EST 2012 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSRF".

The branch, master has been updated
       via  974d3a0dd4ddd134033b16bcd9e2fde34302ffd5 (commit)
      from  fd92a859e2ba3eeeaafe4904cd04973eb8cd572b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 974d3a0dd4ddd134033b16bcd9e2fde34302ffd5
Author: Dan Wells <dbw2 at calvin.edu>
Date:   Tue Mar 6 15:08:33 2012 -0500

    Protect gateway from format-string crashes in data
    
    As a common security measure, printf-style formatting codes are
    not allowed to be directly interpreted from a writable segment.
    The gateway code currently has the following function call:
    
    osrfLogActivity( OSRF_LOG_MARK, act->buf );
    
    This is a variadic function which expects the 'act->buf' position
    to contain a format string and any trailing arguments to be the
    values passed to the formatter.  Since act->buf is the value of
    what we passed in, some data inadvertantly contains format strings,
    and since it is a writable segment, the program crashes.  Here is
    an example of a crash-causing call:
    
    http://localhost/osrf-gateway-v1?service=test&method=test&param=%22%251n%22
    
    The param is interpreted as "%1n" and abruptly fails.
    
    The simple solution is to include a formatter so that our param gets
    demoted to being mere data, i.e.:
    
    osrfLogActivity( OSRF_LOG_MARK, "%s", act->buf );
    
    Signed-off-by: Dan Wells <dbw2 at calvin.edu>
    Signed-off-by: Dan Scott <dscott at laurentian.ca>

diff --git a/src/gateway/osrf_json_gateway.c b/src/gateway/osrf_json_gateway.c
index 5282972..53094e3 100644
--- a/src/gateway/osrf_json_gateway.c
+++ b/src/gateway/osrf_json_gateway.c
@@ -300,7 +300,7 @@ static int osrf_json_gateway_method_handler (request_rec *r) {
 			}
 		}
 
-		osrfLogActivity( OSRF_LOG_MARK, act->buf );
+		osrfLogActivity( OSRF_LOG_MARK, "%s", act->buf );
 		buffer_free(act);
 		/* ----------------------------------------------------------------- */
 

-----------------------------------------------------------------------

Summary of changes:
 src/gateway/osrf_json_gateway.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
OpenSRF

More information about the opensrf-commits mailing list