diff options
author | Jesusaves <cpntb1@ymail.com> | 2024-07-30 23:55:46 -0300 |
---|---|---|
committer | Jesusaves <cpntb1@ymail.com> | 2024-07-30 23:55:46 -0300 |
commit | 714d7cdf513628d76efcae99d76a61413e0cd550 (patch) | |
tree | f1ea6682cc99b28948bdd5e689be82ba581f2cc5 /src | |
parent | d2e83a44a737ebb92be16516a588e4ee0da04d3f (diff) | |
download | evol-hercules-714d7cdf513628d76efcae99d76a61413e0cd550.tar.gz evol-hercules-714d7cdf513628d76efcae99d76a61413e0cd550.tar.bz2 evol-hercules-714d7cdf513628d76efcae99d76a61413e0cd550.tar.xz evol-hercules-714d7cdf513628d76efcae99d76a61413e0cd550.zip |
I don't know how to squash this security vulnerability, so mark where it is.
No fix was detected upstream*. Vulnerability only happens when printing
unsanitzed user input. I'll try to contact 4144, but he is MIA since May,
might have been swallowed by the war, so if he doesn't reply I'll hunt someone
else to test it in Hercules upstream.
*: Naturally, I at very least cherry-pick any security fix they commit and I see
Diffstat (limited to 'src')
-rw-r--r-- | src/emap/script_buildins.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/emap/script_buildins.c b/src/emap/script_buildins.c index e9b8006..177b65c 100644 --- a/src/emap/script_buildins.c +++ b/src/emap/script_buildins.c @@ -3155,6 +3155,7 @@ BUILDIN(debugmes) return false; } + // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP ShowDebug("script debug : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf)); StrBuf->Destroy(&buf); script_pushint(st, 1); @@ -3175,6 +3176,7 @@ BUILDIN(consolewarn) return false; } + // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP ShowWarning("script warning : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf)); StrBuf->Destroy(&buf); script_pushint(st, 1); @@ -3195,6 +3197,7 @@ BUILDIN(consolebug) return false; } + // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP ShowError("script error : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf)); StrBuf->Destroy(&buf); script_pushint(st, 1); @@ -3215,7 +3218,9 @@ BUILDIN(consoleinfo) return false; } + // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP ShowDebug("script notice : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf)); + // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP ShowNotice("%s\n", StrBuf->Value(&buf)); StrBuf->Destroy(&buf); script_pushint(st, 1); |