summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJesusaves <cpntb1@ymail.com>2024-07-30 23:55:46 -0300
committerJesusaves <cpntb1@ymail.com>2024-07-30 23:55:46 -0300
commit714d7cdf513628d76efcae99d76a61413e0cd550 (patch)
treef1ea6682cc99b28948bdd5e689be82ba581f2cc5 /src
parentd2e83a44a737ebb92be16516a588e4ee0da04d3f (diff)
downloadevol-hercules-714d7cdf513628d76efcae99d76a61413e0cd550.tar.gz
evol-hercules-714d7cdf513628d76efcae99d76a61413e0cd550.tar.bz2
evol-hercules-714d7cdf513628d76efcae99d76a61413e0cd550.tar.xz
evol-hercules-714d7cdf513628d76efcae99d76a61413e0cd550.zip
I don't know how to squash this security vulnerability, so mark where it is.
No fix was detected upstream*. Vulnerability only happens when printing unsanitzed user input. I'll try to contact 4144, but he is MIA since May, might have been swallowed by the war, so if he doesn't reply I'll hunt someone else to test it in Hercules upstream. *: Naturally, I at very least cherry-pick any security fix they commit and I see
Diffstat (limited to 'src')
-rw-r--r--src/emap/script_buildins.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/emap/script_buildins.c b/src/emap/script_buildins.c
index e9b8006..177b65c 100644
--- a/src/emap/script_buildins.c
+++ b/src/emap/script_buildins.c
@@ -3155,6 +3155,7 @@ BUILDIN(debugmes)
return false;
}
+ // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
ShowDebug("script debug : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
StrBuf->Destroy(&buf);
script_pushint(st, 1);
@@ -3175,6 +3176,7 @@ BUILDIN(consolewarn)
return false;
}
+ // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
ShowWarning("script warning : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
StrBuf->Destroy(&buf);
script_pushint(st, 1);
@@ -3195,6 +3197,7 @@ BUILDIN(consolebug)
return false;
}
+ // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
ShowError("script error : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
StrBuf->Destroy(&buf);
script_pushint(st, 1);
@@ -3215,7 +3218,9 @@ BUILDIN(consoleinfo)
return false;
}
+ // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
ShowDebug("script notice : %d %d : %s\n", st->rid, st->oid, StrBuf->Value(&buf));
+ // FIXME: SECURITY VULNERABILITY: Must be escaped or \n might trigger HCP
ShowNotice("%s\n", StrBuf->Value(&buf));
StrBuf->Destroy(&buf);
script_pushint(st, 1);