Bug 796266 - BoF sscanf()
Status: RESOLVED OBSOLETE
Product: empathy
Classification: Core
Component: General
Version: 3.25.x
Hardware: Other Windows
Importance: Normal normal
Target Milestone: ---
Assigned To: empathy-maint
QA Contact: empathy-maint
Depends on:
Blocks:
 
 
Reported: 2018-05-20 07:21 UTC by Team w00t
Modified: 2018-05-22 19:19 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Team w00t 2018-05-20 07:21:37 UTC
Hi Team, 

https://github.com/GNOME/empathy/blob/master/libempathy-gtk/empathy-geometry.c#L229

i.e.

sscanf (str, GEOMETRY_POSITION_FORMAT, &x, &y, &w, &h);

The scanf() family's %s operation, without a limit specification, permits buffer overflows such as (CWE-120, CWE-20). 

Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.

i.e.

sscanf (str, GEOMETRY_POSITION_FORMAT, &x, &y, &w, &h);


Requesting the team to please have a look and advise on the same.


Cheers
Team w00t
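
The recommendation in the description above (give %s an explicit width, and validate the result), as an added example that is not part of the original report and is not empathy's code. The format string, struct, limit and function names are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 15            /* hypothetical limit, chosen for the example */

struct geometry {                  /* hypothetical record, not empathy's type */
    char name[NAME_MAX_LEN + 1];   /* +1: sscanf appends a terminating NUL */
    int x, y, w, h;
};

/* Parse "<name> <x>,<y>,<w>,<h>". Returns 0 on success, -1 on malformed input.
 * "%15s" stores at most 15 bytes plus the NUL, so name[] cannot overflow.
 * An unbounded "%s" here would write as many bytes as the input supplies. */
static int parse_geometry(const char *str, struct geometry *out)
{
    struct geometry g;
    int consumed = 0;

    memset(&g, 0, sizeof g);
    /* %n records how far parsing got; it does not count as a conversion. */
    if (sscanf(str, "%15s %d,%d,%d,%d%n",
               g.name, &g.x, &g.y, &g.w, &g.h, &consumed) != 5)
        return -1;                 /* too few fields, or name longer than 15 */
    if (str[consumed] != '\0')
        return -1;                 /* trailing bytes after the last number */
    if (g.w <= 0 || g.h <= 0)
        return -1;                 /* reject nonsensical sizes */
    *out = g;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {
        "main-window 10,20,640,480",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 10,20,640,480",  /* 32-byte name */
        "main-window 10,20",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct geometry g;
        printf("%-50s -> %s\n", samples[i],
               parse_geometry(samples[i], &g) == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

A format made only of numeric conversions such as %d writes into fixed-size integers, so the width concern applies to %s and %[ conversions that fill a caller-supplied buffer.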
Comment 1 GNOME Infrastructure Team 2018-05-22 19:19:56 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/empathy/issues/910.