noreply at rubyforge.org
2009-Jun-20 18:47 UTC
[wxruby-development] [ wxruby-Bugs-26298 ] log_message() , log_status(), log_warning() and log_error() cannot be compiled + Format string attacks
Bugs item #26298, was opened at 2009-06-20 21:47
You can respond by visiting:
http://rubyforge.org/tracker/?func=detail&atid=218&aid=26298&group_id=35
Category: Compile/build
Group: current
Status: Open
Resolution: None
Priority: 3
Submitted By: Shlomi Fish (shlomif)
Assigned to: Nobody (None)
Summary: log_message() , log_status(), log_warning() and log_error() cannot be compiled + Format string attacks
Initial Comment:
I'm getting the following errors when trying to compile using g++ on Mandriva Cooker:
src/Functions.cpp: In function 'VALUE log_message(int, VALUE*, VALUE)':
src/Functions.cpp:2248: error: format not a string literal and no format arguments
src/Functions.cpp: In function 'VALUE log_status(int, VALUE*, VALUE)':
src/Functions.cpp:2259: error: format not a string literal and no format arguments
src/Functions.cpp:2263: error: format not a string literal and no format arguments
src/Functions.cpp: In function 'VALUE log_warning(int, VALUE*, VALUE)':
src/Functions.cpp:2272: error: format not a string literal and no format arguments
src/Functions.cpp: In function 'VALUE log_error(int, VALUE*, VALUE)':
src/Functions.cpp:2280: error: format not a string literal and no format arguments
rake aborted!
Command failed with status (1): [g++ -c -I/usr/lib/wx/include/ -I/usr/lib...]
(See full trace by running task with --trace)
Moreover, reading the source reveals the following:
{{{{{{{{{{{{{{
// Log a Wx Message to the current Wx log output
static VALUE log_message(int argc, VALUE *argv, VALUE self)
{
  // Format the Ruby arguments with Kernel#sprintf semantics ...
  VALUE str = rb_f_sprintf(argc, argv);
  // ... then hand the already-formatted result to wxLogMessage() as its
  // *format* argument, so any '%' left in the text is parsed a second time
  wxLogMessage(wxString(StringValuePtr(str), wxConvUTF8));
  return Qnil;
}
}}}}}}}}}}}}}}
You sprintf the string using rb_f_sprintf() and then directly input it into
wxLogMessage(). So if the result string contains more format characters, then
there's a risk of format string attacks:
http://en.wikipedia.org/wiki/Format_string_attack
Regards,
-- Shlomi Fish
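The double-formatting pattern the report describes, as an added stand-alone example (this is not wxRuby's or wxWidgets' code). wxWidgets is not linked here: sink_log() is a hypothetical printf-style stand-in for wxLogMessage(), and log_message_vulnerable(), log_message_fixed() and has_conversion() are names chosen for this illustration. The vulnerable path reuses an already-formatted message as the format string, which is exactly what g++ -Wformat-security flags; the fixed path passes the message as the argument of a literal "%s", which is the shape of the fix in wxWidgets terms as well. Only the harmless "%%" directive is exercised live, because feeding a string with real conversions and no matching arguments to vsnprintf is undefined behaviour; has_conversion() shows how to spot such strings instead.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Hypothetical stand-in for wxLogMessage(): a printf-style sink that takes
// a format string plus varargs, as the wxWidgets log functions do. The
// format attribute is what lets g++ -Wformat-security report
// "format not a string literal and no format arguments".
static std::string sink_log(const char *fmt, ...)
    __attribute__((format(printf, 1, 2)));

static std::string sink_log(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    return std::string(buf);
}

// The pattern from the bug report: a message that was ALREADY formatted
// (by rb_f_sprintf in wxRuby) is handed to the sink as its format string,
// so any '%' left in it is parsed a second time. Attacker-chosen text that
// reached this point through a "%s" argument could carry %x or %n; this demo
// only ever passes "%%" so that the call stays well defined.
static std::string log_message_vulnerable(const std::string &message)
{
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
    return sink_log(message.c_str());   // the line the report's compiler rejects
#pragma GCC diagnostic pop
}

// Hardened form: the message travels as an ARGUMENT to a literal "%s"
// format, so its bytes are copied verbatim and never treated as directives.
static std::string log_message_fixed(const std::string &message)
{
    return sink_log("%s", message.c_str());
}

// Audit helper: true if the string contains a printf directive other than
// the escaped "%%". Anything that is true here must never be used as a format.
static bool has_conversion(const std::string &s)
{
    for (size_t i = 0; i < s.size(); ++i) {
        if (s[i] != '%')
            continue;
        if (i + 1 < s.size() && s[i + 1] == '%') {  // "%%" is a literal percent
            ++i;
            continue;
        }
        return true;  // '%' followed by anything else (or by end of string)
    }
    return false;
}

int main()
{
    // Constructed inputs. Note that Ruby's sprintf("%d%% done", 100) yields
    // "100% done" with a SINGLE percent, and "% d" is itself a valid
    // conversion, so even benign Ruby output becomes a directive downstream.
    const std::string doubled = "Progress: 100%% done";
    const std::string ruby_output = "Progress: 100% done";
    const std::string hostile = "user said: %x %x %n";

    std::printf("vulnerable: %s\n", log_message_vulnerable(doubled).c_str());
    std::printf("fixed:      %s\n", log_message_fixed(doubled).c_str());
    std::printf("ruby output carries a conversion: %s\n",
                has_conversion(ruby_output) ? "yes" : "no");
    std::printf("hostile carries a conversion:     %s\n",
                has_conversion(hostile) ? "yes" : "no");
    return 0;
}
```

Run with g++ -Wall -Wformat-security (or the distro's hardened defaults that produced the report's errors) and the vulnerable call is the only line that needs the pragma to compile; the fixed call needs no suppression because the format is a literal. The output also shows the silent corruption case: the vulnerable path turns "100%% done" into "100% done", while the fixed path logs the message byte for byte.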