Use helper to validate printf formats.

Simgear contains a new helper to validate format
strings for potentially dangerous replacements, use
it to fix the issues raised by Debian bug trackers.

diff --git a/src/Cockpit/panel.cxx b/src/Cockpit/panel.cxx
index db09777ed30f132b4c76367bfd43a5e2c8c51b15..6123fab0cac88d363c193d122ad53a9c7cee7798 100644 (file)
--- a/src/Cockpit/panel.cxx
+++ b/src/Cockpit/panel.cxx
@@ -52,6 +52,7 @@
 #include <boost/foreach.hpp>
 #include <simgear/debug/logstream.hxx>
 #include <simgear/misc/sg_path.hxx>
+#include <simgear/misc/strutils.hxx>
 #include <simgear/scene/model/model.hxx>
 #include <osg/GLU>
 
@@ -1171,7 +1172,8 @@ FGTextLayer::recalc_value () const
 ////////////////////////////////////////////////////////////////////////
 
 FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
-  : _type(FGTextLayer::TEXT), _fmt(fmt)
+    : _type(FGTextLayer::TEXT),
+    _fmt(simgear::strutils::sanitizePrintfFormat(fmt))
 {
   _text = text;
   if (_fmt.empty()) 
@@ -1181,7 +1183,11 @@ FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
 FGTextLayer::Chunk::Chunk (ChunkType type, const SGPropertyNode * node,
                            const std::string &fmt, float mult, float offs,
                            bool truncation)
-  : _type(type), _fmt(fmt), _mult(mult), _offs(offs), _trunc(truncation)
+: _type(type),
+    _fmt(simgear::strutils::sanitizePrintfFormat(fmt)),
+    _mult(mult),
+    _offs(offs),
+    _trunc(truncation)
 {
   if (_fmt.empty()) {
     if (type == TEXT_VALUE)

diff --git a/src/Network/generic.cxx b/src/Network/generic.cxx
index 9906701d7ea0ef5117ad6ce5a5b40f38a6000660..523c19d5e8b582f13033a39c3c05661e30656aad 100644 (file)
--- a/src/Network/generic.cxx
+++ b/src/Network/generic.cxx
@@ -219,39 +219,41 @@ bool FGGeneric::gen_message_ascii() {
         if (i > 0) {
             generic_sentence += var_separator;
         }
+        
+        string format = simgear::strutils::sanitizePrintfFormat(_out_message[i].format);
 
         switch (_out_message[i].type) {
         case FG_INT:
             val = _out_message[i].offset +
                   _out_message[i].prop->getIntValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (int)val);
+            snprintf(tmp, 255, format.c_str(), (int)val);
             break;
 
         case FG_BOOL:
-            snprintf(tmp, 255, _out_message[i].format.c_str(),
+            snprintf(tmp, 255, format.c_str(),
                                _out_message[i].prop->getBoolValue());
             break;
 
         case FG_FIXED:
             val = _out_message[i].offset +
                 _out_message[i].prop->getFloatValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val);
+            snprintf(tmp, 255, format.c_str(), (float)val);
             break;
 
         case FG_FLOAT:
             val = _out_message[i].offset +
                 _out_message[i].prop->getFloatValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val);
+            snprintf(tmp, 255, format.c_str(), (float)val);
             break;
 
         case FG_DOUBLE:
             val = _out_message[i].offset +
                 _out_message[i].prop->getDoubleValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (double)val);
+            snprintf(tmp, 255, format.c_str(), (double)val);
             break;
 
         default: // SG_STRING
-            snprintf(tmp, 255, _out_message[i].format.c_str(),
+            snprintf(tmp, 255, format.c_str(),
                                    _out_message[i].prop->getStringValue());
         }