From dce0d0f91cf589790dba8eaa79008ffe7811b496 Mon Sep 17 00:00:00 2001 From: Tracy Ward Date: Fri, 4 Oct 2019 08:58:05 -0400 Subject: [PATCH] Fix potential security issue with FormatMessage use From MSDN: Security Remarks If this function is called without FORMAT_MESSAGE_IGNORE_INSERTS, the Arguments parameter must contain enough parameters to satisfy all insertion sequences in the message string, and they must be of the correct type. Therefore, do not use untrusted or unknown message strings with inserts enabled because they can contain more insertion sequences than Arguments provides, or those that may be of the wrong type. In particular, it is unsafe to take an arbitrary system error code returned from an API and use FORMAT_MESSAGE_FROM_SYSTEM without FORMAT_MESSAGE_IGNORE_INSERTS. (backport from master) --- src/archutils/Win32/ErrorStrings.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/archutils/Win32/ErrorStrings.cpp b/src/archutils/Win32/ErrorStrings.cpp index 336c5a0324..4c79144b81 100644 --- a/src/archutils/Win32/ErrorStrings.cpp +++ b/src/archutils/Win32/ErrorStrings.cpp @@ -7,7 +7,7 @@ RString werr_ssprintf( int err, const char *fmt, ... ) { char buf[1024] = ""; - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, + FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, 0, err, 0, buf, sizeof(buf), nullptr); // Why is FormatMessage returning text ending with \r\n? (who? -aj)