Rooba
/
boinc
mirror of https://github.com/BOINC/boinc.git
1
0
Fork 0
Code Issues 1 Packages Projects Releases Wiki Activity

- MGR: Fix two potential security issues with browser.cpp where the 

query to the cookie database could have been abused.  At present
        neither of the two parameters originate as user input so using it
        as an attack vector isn't very high.  Prevent the functions from
        being exploited in the future in case the routines were ever used
        in a different way.
This commit is contained in:
Rom Walton 2012-12-05 17:14:30 -05:00 committed by Oliver Bock
parent 937059b8ae
commit a4972e0400
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
checkin_notes
View File

@ -7287,3 +7287,14 @@ David 7 Dec 2012
- lib: add size info to messages when realloc() fails in MFILE
lib/
mfile.cpp
Rom 5 Dec 2012
- MGR: Fix two potential security issues with browser.cpp where the
query to the cookie database could have been abused. At present
neither of the two parameters originate as user input so using it
as an attack vector isn't very high. Prevent the functions from
being exploited in the future in case the routines were ever used
in a different way.
clientgui/
browser.cpp

8
clientgui/browser.cpp
View File

@ -600,8 +600,8 @@ retry:
// construct SQL query to extract the desired cookie
// SELECT host, name, value, expiry from moz_cookies WHERE name = '%s' AND host LIKE '%%%s'
snprintf(query, sizeof(query),
"SELECT host, name, value, expiry from moz_cookies WHERE name = '%s' AND host LIKE '%%%s'",
sqlite3_snprintf(sizeof(query), query,
"SELECT host, name, value, expiry from moz_cookies WHERE name = '%q' AND host LIKE '%%%q'",
name.c_str(),
hostname.c_str()
);
@ -814,8 +814,8 @@ bool detect_cookie_chrome(
// construct SQL query to extract the desired cookie
// SELECT host_key, name, value, expires_utc, httponly from cookies WHERE name = '%s' AND host_key LIKE '%%%s'
snprintf(query, sizeof(query),
"SELECT host_key, name, value, expires_utc, httponly from cookies WHERE name = '%s' AND host_key LIKE '%%%s'",
sqlite3_snprintf(sizeof(query), query,
"SELECT host_key, name, value, expires_utc, httponly from cookies WHERE name = '%q' AND host_key LIKE '%%%q'",
name.c_str(),
hostname.c_str()
);