[OpenSRF-GIT] OpenSRF branch rel_2_0 updated. osrf_rel_2_0_1-8-g2e5c36e

Evergreen Git git at git.evergreen-ils.org
Fri Mar 9 23:26:00 EST 2012 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSRF".

The branch, rel_2_0 has been updated
       via  2e5c36e213292b802dcf17729ad705016892c99c (commit)
      from  7dbae240dd7dddaadf793d2d61118b96e0505bbd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2e5c36e213292b802dcf17729ad705016892c99c
Author: Dan Wells <dbw2 at calvin.edu>
Date:   Tue Mar 6 15:08:33 2012 -0500

    Protect gateway from format-string crashes in data
    
    As a common security measure, printf-style formatting codes are
    not allowed to be directly interpreted from a writable segment.
    The gateway code currently has the following function call:
    
    osrfLogActivity( OSRF_LOG_MARK, act->buf );
    
    This is a variadic function which expects the 'act->buf' position
    to contain a format string and any trailing arguments to be the
    values passed to the formatter.  Since act->buf is the value of
    what we passed in, some data inadvertantly contains format strings,
    and since it is a writable segment, the program crashes.  Here is
    an example of a crash-causing call:
    
    http://localhost/osrf-gateway-v1?service=test&method=test&param=%22%251n%22
    
    The param is interpreted as "%1n" and abruptly fails.
    
    The simple solution is to include a formatter so that our param gets
    demoted to being mere data, i.e.:
    
    osrfLogActivity( OSRF_LOG_MARK, "%s", act->buf );
    
    Signed-off-by: Dan Wells <dbw2 at calvin.edu>
    Signed-off-by: Dan Scott <dscott at laurentian.ca>

diff --git a/src/gateway/osrf_json_gateway.c b/src/gateway/osrf_json_gateway.c
index e2f2124..bb71b7e 100644
--- a/src/gateway/osrf_json_gateway.c
+++ b/src/gateway/osrf_json_gateway.c
@@ -299,7 +299,7 @@ static int osrf_json_gateway_method_handler (request_rec *r) {
 			}
 		}
 
-		osrfLogActivity( OSRF_LOG_MARK, act->buf );
+		osrfLogActivity( OSRF_LOG_MARK, "%s", act->buf );
 		buffer_free(act);
 		/* ----------------------------------------------------------------- */
 

-----------------------------------------------------------------------

Summary of changes:
 src/gateway/osrf_json_gateway.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
OpenSRF

More information about the opensrf-commits mailing list