
Fedora 24
format weakness #1

4

Weakness Breakdown


Definition:

A format string exploit occurs when the data of an input string is evaluated as a command by the program. This class of attacks is very similar to buffer overflows, since an attacker could execute code, read the stack, or cause new behaviors that compromise security. Learn more about format string attacks in the OWASP attack index.

Warning code(s):

If format strings can be influenced by an attacker, they can be exploited.

File Name:

akregator-16.12.3/plugins/mk4storage/metakit/src/view.cpp

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 format weakness.

 
d4_inline c4_ThreadLock::Hold::~Hold() {}

#endif

/////////////////////////////////////////////////////////////////////////////

#if defined(q4_LOGPROPMODS) && q4_LOGPROPMODS

static FILE *sPropModsFile = 0;
static int sPropModsProp =  - 1;

FILE *f4_LogPropMods(FILE *fp_, int propId_)
{
    FILE *prevfp = sPropModsFile;
    sPropModsFile = fp_;
    sPropModsProp = propId_;
    return prevfp;
}

void f4_DoLogProp(const c4_Handler *hp_, int id_, const char *fmt_, int arg_)
{
    if (sPropModsFile != 0 && (sPropModsProp < 0 || sPropModsProp == id_)) {
        fprintf(sPropModsFile, "handler 0x%x id %d: ", hp_, id_);
        fprintf(sPropModsFile, fmt_, arg_);
    }
}

#endif

/////////////////////////////////////////////////////////////////////////////

/** @class c4_View
 *
 *  A collection of data rows.  This is the central public data structure of
 *  Metakit (often called "table", "array", or "relation" in other systems).
 *
 *  Views are smart pointers to the actual collections, setting a view to a new
 *  value does not alter the collection to which this view pointed previously.
 *
 *  The elements of views can be referred to by their 0-based index, which
 *  produces a row-reference of type c4_RowRef.  These row references can
 *  be copied, used to get or set properties, or dereferenced (in which case
 *  an object of class c4_Row is returned).  Taking the address of a row
 *  reference produces a c4_Cursor, which acts very much like a pointer.
 *
 *  The following code creates a view with 1 row and 2 properties:
 * @code
 *    c4_StringProp pName ("name");
 *    c4_IntProp pAge ("age"); 
