From: James Turner <zakalawe@mac.com>
Date: Sun, 15 Sep 2013 18:17:38 +0000 (+0100)
Subject: Use helper to validate printf formats.
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=fda64d840e58f3743f159c6c3244bb721f1f6443;p=flightgear.git

Use helper to validate printf formats.

Simgear contains a new helper to validate format
strings for potentially dangerous replacements, use
it to fix the issues raised by Debian bug trackers.
---

diff --git a/src/Cockpit/panel.cxx b/src/Cockpit/panel.cxx
index db09777ed..6123fab0c 100644
--- a/src/Cockpit/panel.cxx
+++ b/src/Cockpit/panel.cxx
@@ -52,6 +52,7 @@
 #include <boost/foreach.hpp>
 #include <simgear/debug/logstream.hxx>
 #include <simgear/misc/sg_path.hxx>
+#include <simgear/misc/strutils.hxx>
 #include <simgear/scene/model/model.hxx>
 #include <osg/GLU>
 
@@ -1171,7 +1172,8 @@ FGTextLayer::recalc_value () const
 ////////////////////////////////////////////////////////////////////////
 
 FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
-  : _type(FGTextLayer::TEXT), _fmt(fmt)
+    : _type(FGTextLayer::TEXT),
+    _fmt(simgear::strutils::sanitizePrintfFormat(fmt))
 {
   _text = text;
   if (_fmt.empty()) 
@@ -1181,7 +1183,11 @@ FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
 FGTextLayer::Chunk::Chunk (ChunkType type, const SGPropertyNode * node,
                            const std::string &fmt, float mult, float offs,
                            bool truncation)
-  : _type(type), _fmt(fmt), _mult(mult), _offs(offs), _trunc(truncation)
+: _type(type),
+    _fmt(simgear::strutils::sanitizePrintfFormat(fmt)),
+    _mult(mult),
+    _offs(offs),
+    _trunc(truncation)
 {
   if (_fmt.empty()) {
     if (type == TEXT_VALUE)
diff --git a/src/Network/generic.cxx b/src/Network/generic.cxx
index 9906701d7..523c19d5e 100644
--- a/src/Network/generic.cxx
+++ b/src/Network/generic.cxx
@@ -219,39 +219,41 @@ bool FGGeneric::gen_message_ascii() {
         if (i > 0) {
             generic_sentence += var_separator;
         }
+        
+        string format = simgear::strutils::sanitizePrintfFormat(_out_message[i].format);
 
         switch (_out_message[i].type) {
         case FG_INT:
             val = _out_message[i].offset +
                   _out_message[i].prop->getIntValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (int)val);
+            snprintf(tmp, 255, format.c_str(), (int)val);
             break;
 
         case FG_BOOL:
-            snprintf(tmp, 255, _out_message[i].format.c_str(),
+            snprintf(tmp, 255, format.c_str(),
                                _out_message[i].prop->getBoolValue());
             break;
 
         case FG_FIXED:
             val = _out_message[i].offset +
                 _out_message[i].prop->getFloatValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val);
+            snprintf(tmp, 255, format.c_str(), (float)val);
             break;
 
         case FG_FLOAT:
             val = _out_message[i].offset +
                 _out_message[i].prop->getFloatValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val);
+            snprintf(tmp, 255, format.c_str(), (float)val);
             break;
 
         case FG_DOUBLE:
             val = _out_message[i].offset +
                 _out_message[i].prop->getDoubleValue() * _out_message[i].factor;
-            snprintf(tmp, 255, _out_message[i].format.c_str(), (double)val);
+            snprintf(tmp, 255, format.c_str(), (double)val);
             break;
 
         default: // SG_STRING
-            snprintf(tmp, 255, _out_message[i].format.c_str(),
+            snprintf(tmp, 255, format.c_str(),
                                    _out_message[i].prop->getStringValue());
         }