Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix [bad6cc213d]: A format string vulnerability in Tcl nmakehelp.c allows code execution via a crated file. Also change a memcpy() to a memmove(), because the range could be overlapping |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | core-8-5-branch |
| Files: | files | file ages | folders |
| SHA3-256: |
28ef6c0c741408a2defd50daf1ce359a |
| User & Date: | jan.nijtmans 2021-06-22 09:02:00 |
References
|
2021-06-22
| ||
| 09:17 | • Closed ticket [7079e4f916]: A stack overflow vulnerability in Tcl nmakehelp.c allows code execution via a crated file plus 8 other changes artifact: 81b23a128d user: jan.nijtmans | |
| 09:11 | • Closed ticket [bad6cc213d]: A format string vulnerability in Tcl nmakehelp.c allows code execution via a crated file. plus 8 other changes artifact: b905b3d21a user: jan.nijtmans | |
Context
|
2021-06-22
| ||
| 13:19 | More code cleanup, eliminating various compiler warnings with stricter flags. No need to even use st... check-in: f2ea4ea1fe user: jan.nijtmans tags: core-8-5-branch | |
| 09:03 | Merge 8.5 check-in: 679be274e1 user: jan.nijtmans tags: core-8-6-branch | |
| 09:02 | Fix [bad6cc213d]: A format string vulnerability in Tcl nmakehelp.c allows code execution via a crate... check-in: 28ef6c0c74 user: jan.nijtmans tags: core-8-5-branch | |
|
2021-06-18
| ||
| 12:24 | Update all "cp" and "iso8859-?" encodings to the latest version. This adds 3 new codepoints to iso88... check-in: 49b98f3a2f user: jan.nijtmans tags: core-8-5-branch | |
Changes
Changes to win/nmakehlp.c.
| ︙ | ︙ | |||
533 534 535 536 537 538 539 |
q = p;
while (*q && (strchr("0123456789.ab", *q)) && ((!strchr(".ab", *q)
&& (!strchr("ab", q[-1])) || --numdots))) {
++q;
}
| | | 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 |
q = p;
while (*q && (strchr("0123456789.ab", *q)) && ((!strchr(".ab", *q)
&& (!strchr("ab", q[-1])) || --numdots))) {
++q;
}
memmove(szBuffer, p, q - p);
szBuffer[q-p] = 0;
szResult = szBuffer;
break;
}
}
fclose(fp);
}
|
| ︙ | ︙ | |||
670 671 672 673 674 675 676 | while (sp && *sp) *cp++ = *sp++; op += strlen(p->key); while (*op) *cp++ = *op++; *cp = 0; memcpy(szBuffer, szCopy, sizeof(szCopy)); } } | | | 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 |
while (sp && *sp) *cp++ = *sp++;
op += strlen(p->key);
while (*op) *cp++ = *op++;
*cp = 0;
memcpy(szBuffer, szCopy, sizeof(szCopy));
}
}
printf("%s", szBuffer);
}
list_free(&substPtr);
}
fclose(fp);
return 0;
}
|
| ︙ | ︙ |