summaryrefslogblamecommitdiff
path: root/user/plib/CVE-2012-4552.patch
blob: 78f1b22ae1292d30e84d4182ddd751b4477d71d6 (plain) (tree)




















































                                                                           
--- plib-1.8.5/src/ssg/ssgParser.cxx~
+++ plib-1.8.5/src/ssg/ssgParser.cxx
@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
   char msgbuff[ 255 ];
   va_list argp;
 
-  char* msgptr = msgbuff;
-  if (linenum)
-  {
-    msgptr += sprintf ( msgptr,"%s, line %d: ",
-      path, linenum );
-  }
-
   va_start( argp, format );
-  vsprintf( msgptr, format, argp );
+  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
   va_end( argp );
 
-  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
+  if (linenum)
+  {
+    ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
+  } else {
+    ulSetError ( UL_WARNING, "%s", msgbuff ) ;
+  }
 }
 
 
@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
   char msgbuff[ 255 ];
   va_list argp;
 
-  char* msgptr = msgbuff;
-  if (linenum)
-  {
-    msgptr += sprintf ( msgptr,"%s, line %d: ",
-      path, linenum );
-  }
-
   va_start( argp, format );
-  vsprintf( msgptr, format, argp );
+  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
   va_end( argp );
 
-  ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
+  if (linenum)
+  {
+    ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
+  } else {
+    ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
+  }
 }
 
 // Opens the file and does a few internal calculations based on the spec.