Hi all,
A format string vulnerability in dia was reported in CVE-2006-2480; this
has led me to take a closer look at the use of format strings in dia.
Yesterday I checked all the uses of:
dia's message* funcs
g_print
g_message
g_warning
dia_assert_true
And reported my findings to John Bressers (from RedHat) and Stanislav
Brabec <sbrabec(a)suse.cz>. John has assigned CVE-2006-2453 for the
additional problems I found.
This morning I also checked (and found and fixed issues in) all the uses of:
gtk_message_dialog_new
gtk_message_dialog_format_secondary_text
g_error
I've attached a patch fixing all issues I found. New as of this morning
are the changes / fixes to:
app/display.c
app/filedlg.c
Regards,
Hans
p.s.
There could still be other vararg printf like functions in dia which I
didn't check. I'm in no way claiming this work is complete. With that
said I'm not planning on doing any more auditing for printf like
functions in dia in the near future.
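The audit Hans describes is a mechanical one: for every printf-like function, confirm that the format argument is a string literal (or a gettext-wrapped literal) rather than a variable such as a file name or an error message. The following is an added example of that check as a small line-by-line scanner; it is not code from the mail, from dia, or from the attached patch. It assumes the argument position of the format string for each function (1 for the g_* functions, 2 for gtk_message_dialog_format_secondary_text and dia_assert_true, 5 for gtk_message_dialog_new), and the names message_error, message_warning and message_notice are assumed for "dia's message* funcs". The sample source lines are constructed for the demonstration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* printf-like functions and the 1-based index of their format argument
   (positions and the dia message* names are assumptions for this example) */
struct fmt_func { const char *name; int fmt_arg; };
static const struct fmt_func printf_like[] = {
    { "message_error", 1 }, { "message_warning", 1 }, { "message_notice", 1 },
    { "g_print", 1 }, { "g_message", 1 }, { "g_warning", 1 }, { "g_error", 1 },
    { "dia_assert_true", 2 },                      /* assumed: (cond, fmt, ...) */
    { "gtk_message_dialog_new", 5 },               /* (parent, flags, type, buttons, fmt, ...) */
    { "gtk_message_dialog_format_secondary_text", 2 },
};

static const char *skip_ws(const char *s) {
    while (isspace((unsigned char)*s)) s++;
    return s;
}

/* Return the start of argument `argno` of the call whose '(' is at open_paren,
   or NULL if that argument does not appear on this line (e.g. wrapped call).
   String literals are skipped so commas inside them are not counted. */
static const char *nth_arg(const char *open_paren, int argno) {
    int depth = 0, in_str = 0, cur = 1;
    for (const char *p = open_paren; *p; p++) {
        if (in_str) {
            if (*p == '\\' && p[1]) p++;          /* skip escaped char */
            else if (*p == '"') in_str = 0;
            continue;
        }
        if (*p == '"') in_str = 1;
        else if (*p == '(') { if (++depth == 1 && argno == 1) return skip_ws(p + 1); }
        else if (*p == ')') { if (--depth == 0) return NULL; }
        else if (*p == ',' && depth == 1) { if (++cur == argno) return skip_ws(p + 1); }
    }
    return NULL;
}

/* A format argument is safe when it is a compile-time literal: "..." or _("...") */
static int is_literal_format(const char *arg) {
    if (*arg == '"') return 1;
    if (strncmp(arg, "_(", 2) == 0) return *skip_ws(arg + 2) == '"';
    return 0;
}

/* Check one source line. Returns the name of the first printf-like call whose
   format argument is present but not a literal, or NULL if nothing is flagged. */
const char *check_line(const char *line) {
    for (size_t i = 0; i < sizeof printf_like / sizeof printf_like[0]; i++) {
        const char *name = printf_like[i].name;
        size_t n = strlen(name);
        const char *p = line;
        while ((p = strstr(p, name)) != NULL) {
            /* whole identifier only: not preceded by an identifier char, followed by '(' */
            int at_start = (p == line) || !(isalnum((unsigned char)p[-1]) || p[-1] == '_');
            const char *after = skip_ws(p + n);
            if (at_start && *after == '(') {
                const char *fmt = nth_arg(after, printf_like[i].fmt_arg);
                if (fmt != NULL && !is_literal_format(fmt)) return name;
            }
            p += n;
        }
    }
    return NULL;
}

int main(void) {
    /* constructed sample lines: vulnerable pattern beside its fixed form */
    const char *samples[] = {
        "g_warning(msg);",                                   /* flagged */
        "g_warning(\"%s\", msg);",                           /* fixed   */
        "g_print(_(\"Loading %s\\n\"), name);",              /* ok: gettext literal */
        "gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, errmsg);",
        "gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, \"%s\", errmsg);",
        "g_error_free(err);",                                /* not a printf-like call */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *hit = check_line(samples[i]);
        printf("%-8s %s\n", hit ? "FLAG" : "ok", samples[i]);
    }
    return 0;
}
```

The scanner only reports calls whose format argument is visible on the same line; a call wrapped across lines is left for manual review rather than flagged, which is the conservative choice for a first pass over a source tree. The fix it points at is the one in the mail's patch: pass the variable through a literal "%s" format instead of using it as the format itself.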