X2Go Bug report logs - #777
nx-libs: incorrect usage of scanf

Full log

Message #15 received at 777@bugs.x2go.org (full text, mbox, reply):

Received: (at 777) by bugs.x2go.org; 2 Feb 2015 20:44:53 +0000
From xypron.glpk@gmx.de  Mon Feb  2 21:44:52 2015
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM
	autolearn=ham version=3.3.2
X-Greylist: delayed 301 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Mon, 02 Feb 2015 21:44:52 CET
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 0BBA13BC93
	for <777@bugs.x2go.org>; Mon,  2 Feb 2015 21:44:52 +0100 (CET)
Received: from [192.168.123.39] ([178.201.93.16]) by mail.gmx.com (mrgmx101)
 with ESMTPSA (Nemesis) id 0MGWR2-1YVZ4Q3RFw-00DJbi; Mon, 02 Feb 2015 21:39:50
 +0100
Message-ID: <54CFE096.4010501@gmx.de>
Date: Mon, 02 Feb 2015 21:39:50 +0100
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.3.0
MIME-Version: 1.0
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 777@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#777: nx-libs: incorrect usage of scanf
References: <20150131150421.Horde.WB6ssWsHGA2VI15ElwEPlg1@mail.das-netzwerkteam.de>
In-Reply-To: <20150131150421.Horde.WB6ssWsHGA2VI15ElwEPlg1@mail.das-netzwerkteam.de>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-Provags-ID:  V03:K0:zfqq1wWUIFQdA5tcWG0zHk7ijRaEYgNpDpdzkIH5HiL8jOifQDx
 ZrzbG36z5Uasg5rgjECpIiUsSelbMzPAoPwD7uXZjaDNzrSNFEZNeLdYRJ4cfmOL/ESfdAW
 XFgUyTkkcx5Fzod3edPLIb/pM4Aq2+24f+9BjW0KbfHiX7meHfgsw3M3MlFAAWu6uHWIIyY
 r9/7tsR7ApdmtZEB3Aa2w==
X-UI-Out-Filterresults: notjunk:1;

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Squeeze reached end of life.
Package libc6 in wheezy is patched against the bug.
Package libc6 in jessie is not vulnerable as it uses a newer libc6
release.

So I think we should close this bug and concentrate on updating our
mesa code to the newest version instead of patching some old version.

Best regards

Heinrich

On 31.01.2015 16:04, Mike Gabriel wrote:
> Hi Heinrich,
> 
> On  Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:
> 
>> package: nx-libs version: head
>> 
>> In different parts of the nx-libs library you can find usages of
>> scanf like
>> 
>> /* check for MESA_GAMMA environment variable */ gamma =
>> _mesa_getenv("MESA_GAMMA"); if (gamma) { v->RedGamma =
>> v->GreenGamma = v->BlueGamma = 0.0; sscanf( gamma, "%f %f %f",
>> &v->RedGamma, &v->GreenGamma, &v->BlueGamma );
>> 
>> According to cppcheck:
>> 
>> scanf without field width limits can crash with huge input data
>> on libc versions older than 2.13-25. Add a field width specifier
>> to fix this problem: %i => %3i
> 
> Any chance you could also provide a patch for this?
> 
> Mike
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUz+CVAAoJEMSB27wsBRrE4mUP/j3JjSvGQ6chMdlCaQd94Ar6
LIBJvEeS9ZiR/rgFFaXdqUMzZVzYs2bm4Vvp0LlY9iUVFbhCgKQimRhLVq26A1iT
5EtJOFRu51Fzrd1y6Nk00PBKCqbsWSJwI81TUKnckjaCo3QyobWyMqqI75eXjMSf
RSWIGWgtLznPMqvByoKEnndDQjrCBBeMPBF7sinBw5ZM994Ff9VobHv7vXUYwvrY
mXlIgiuVf/6ztFTnwCsDD1hRreOk4BBTgp4tPsVqwB/06l8OvnaeBfD35BOSJ8Ns
AKwbxeRSNFOS4UP01zAgAsTMblzabyKnzS57lGomYQp3RB8c3K9DyUnk6CVSlBlN
AI7fjnaQEW9qL4d8UBRsQlZ7b9vryavNtUY7UyPtVMuXXA0WaewZIGUUpI5odtvd
WAoe0DEY2i+dW3ByIuGC1mH7ujgSLZGuke1gGdODlaLiExDsmm5P6hmIv+xE9gNQ
RBk5pYSx3H75Hckm2yTxhNx/9NcwJbjHa1pwa8Lz6r63/Ssa6TQhxuGsFH2l49iZ
YYbLHEP1s0FKQWxtE1B3NOYLeOwiCP4l7+qJ/KUZnmGCep2L4xC88OP1WMPn4+t6
vfoGkAHr9x0Ii7eP7fFaBEpImlx6dWI9mtZcSRfKfq/OhjAQPMspv7rl149i+1Iu
8OfiW4rp02zs54r92ejJ
=2gk9
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.