From a7cab1d891f386e6b59a3f8327f759c0420764db Mon Sep 17 00:00:00 2001
From: Kawe Mazidjatari <48657826+Mauler125@users.noreply.github.com>
Date: Sat, 8 Apr 2023 19:10:59 +0200
Subject: [PATCH] Fix potential security flaws caused by uncontrolled format strings

Make sure format strings are string literals to avoid an uncontrolled format string situation.
---
 r5dev/engine/sys_utils.cpp | 2 +-
 r5dev/gameui/IBrowser.cpp | 16 ++++++++--------
 r5dev/gameui/IConsole.cpp | 4 ++--
 3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/r5dev/engine/sys_utils.cpp b/r5dev/engine/sys_utils.cpp
index e66b93c9..ff03af6e 100644
--- a/r5dev/engine/sys_utils.cpp
+++ b/r5dev/engine/sys_utils.cpp
@@ -93,7 +93,7 @@ void _Con_NPrintf(int pos, const char* fmt, ...)
 g_pOverlay->m_nCon_NPrintf_Idx = pos;
 snprintf(g_pOverlay->m_szCon_NPrintf_Buf,
- sizeof(g_pOverlay->m_szCon_NPrintf_Buf), buf);
+ sizeof(g_pOverlay->m_szCon_NPrintf_Buf), "%s", buf);
 }
 #endif // !DEDICATED
diff --git a/r5dev/gameui/IBrowser.cpp b/r5dev/gameui/IBrowser.cpp
index 861d9670..88f64e06 100644
--- a/r5dev/gameui/IBrowser.cpp
+++ b/r5dev/gameui/IBrowser.cpp
@@ -247,7 +247,7 @@ void CBrowser::BrowserPanel(void)
 }
 ImGui::EndGroup();
- ImGui::TextColored(ImVec4(1.00f, 0.00f, 0.00f, 1.00f), m_svServerListMessage.c_str());
+ ImGui::TextColored(ImVec4(1.00f, 0.00f, 0.00f, 1.00f), "%s", m_svServerListMessage.c_str());
 ImGui::Separator();
 int iVars = 0; // Eliminate borders around server list table.
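Review bot: Nothing added here keeps a non-literal format argument from compiling again, so the bug fixed at `snprintf(..., "%s", buf)` in sys_utils.cpp (the `@@ -93,7` hunk) and in the ImGui hunks can come back at any new call site. `_Con_NPrintf` is itself printf-style, as its `fmt` parameter in the hunk header shows, so a format annotation on its declaration, `_Printf_format_string_` on `fmt` for MSVC code analysis or `__attribute__((format(printf, 2, 3)))` for GCC/Clang, lets the compiler check its callers, and `-Wformat-security` flags the pattern where that toolchain is used. The build configuration is not visible in the patch, so which of these applies is an assumption to confirm. The function body starts above the hunk, so how `buf` is filled and sized was not reviewed.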
@@ -289,19 +289,19 @@ void CBrowser::BrowserPanel(void)
 || m_imServerBrowserFilter.PassFilter(pszHostPort))
 {
 ImGui::TableNextColumn();
- ImGui::Text(pszHostName);
+ ImGui::Text("%s", pszHostName);
 ImGui::TableNextColumn();
- ImGui::Text(pszHostMap);
+ ImGui::Text("%s", pszHostMap);
 ImGui::TableNextColumn();
- ImGui::Text(pszPlaylist);
+ ImGui::Text("%s", pszPlaylist);
 ImGui::TableNextColumn();
- ImGui::Text(Format("%3d/%3d", strtol(server.m_svPlayerCount.c_str(), NULL, NULL), strtol(server.m_svMaxPlayers.c_str(), NULL, NULL)).c_str());
+ ImGui::Text("%s", Format("%3d/%3d", strtol(server.m_svPlayerCount.c_str(), NULL, NULL), strtol(server.m_svMaxPlayers.c_str(), NULL, NULL)).c_str());
 ImGui::TableNextColumn();
- ImGui::Text(pszHostPort);
+ ImGui::Text("%s", pszHostPort);
 ImGui::TableNextColumn();
 string svConnectBtn = "Connect##";
@@ -419,7 +419,7 @@ void CBrowser::HiddenServersModal(void)
 ImGui::Dummy(ImVec2(ImGui::GetWindowContentRegionWidth(), 19.f)); // Place a dummy, basically making space inserting a blank element.
- ImGui::TextColored(m_ivHiddenServerMessageColor, m_svHiddenServerRequestMessage.c_str());
+ ImGui::TextColored(m_ivHiddenServerMessageColor, "%s", m_svHiddenServerRequestMessage.c_str());
 ImGui::Separator();
 if (ImGui::Button("Connect", ImVec2(ImGui::GetWindowContentRegionWidth(), 24)))
@@ -545,7 +545,7 @@ void CBrowser::HostPanel(void)
 g_pServerListManager->m_ServerVisibility = EServerVisibility_t::PUBLIC;
 }
- ImGui::TextColored(m_HostRequestMessageColor, m_svHostRequestMessage.c_str());
+ ImGui::TextColored(m_HostRequestMessageColor, "%s", m_svHostRequestMessage.c_str());
 if (!m_svHostToken.empty())
 {
 ImGui::InputText("##ServerHost_HostToken", &m_svHostToken, ImGuiInputTextFlags_ReadOnly);
diff --git a/r5dev/gameui/IConsole.cpp b/r5dev/gameui/IConsole.cpp
index 7a0fb4e4..06f759c7 100644
--- a/r5dev/gameui/IConsole.cpp
+++ b/r5dev/gameui/IConsole.cpp
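Review bot: The player-count cell in the `@@ -289,19` hunk of IBrowser.cpp still carries a format/argument mismatch: `strtol` returns `long` but the inner `Format` call consumes it with `%3d`, and `NULL` is passed as the numeric base, which selects base auto-detection, so a count string such as `010` or `0x10` is read as octal or hex. Assuming `Format` is printf-style (its definition is outside the patch), passing a `long` for `%d` is undefined wherever `long` is wider than `int`. Since the outer format is now a literal anyway, the temporary string can go: `ImGui::Text("%3ld/%3ld", strtol(server.m_svPlayerCount.c_str(), nullptr, 10), strtol(server.m_svMaxPlayers.c_str(), nullptr, 10));`. Fixing the base to 10 changes how prefixed values parse, so confirm that decimal is what the server list is meant to carry. The enclosing loop in `CBrowser::BrowserPanel` starts and ends outside the hunk.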
@@ -243,7 +243,7 @@ void CConsole::DrawSurface(void)
 m_Logger.m_itFilter.Draw("Filter | ", flFooterWidthReserve - 500);
 ImGui::SameLine();
- ImGui::Text(m_szSummary);
+ ImGui::Text("%s", m_szSummary);
 ImGui::Separator();
@@ -406,7 +406,7 @@ void CConsole::SuggestPanel(void)
 ImGui::Image(hintRes.m_idIcon, ImVec2(float(hintRes.m_nWidth), float(hintRes.m_nHeight)));
 ImGui::SameLine();
- ImGui::Text(cvarInfo.m_pszDesc);
+ ImGui::Text("%s", cvarInfo.m_pszDesc);
 };
 ImGui::BeginTooltip();
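Review bot: The summary string in `CConsole::DrawSurface` is printed verbatim, so `ImGui::TextUnformatted(m_szSummary);` states the intent more directly than `ImGui::Text("%s", m_szSummary);` and keeps the text out of the format path altogether; Dear ImGui documents it as raw text with no formatting, no copy and no buffer size limit. The same applies to `ImGui::Text("%s", cvarInfo.m_pszDesc);` in the `SuggestPanel` hunk and to the plain `ImGui::Text("%s", psz...)` calls in IBrowser.cpp. `TextColored` has no unformatted counterpart, so the `"%s"` form is the right one in those hunks. Both functions continue outside the hunks shown.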