Protect gateway from format-string crashes in data

As a common security measure, printf-style formatting codes are
not allowed to be directly interpreted from a writable segment.
The gateway code currently has the following function call:

    osrfLogActivity( OSRF_LOG_MARK, act->buf );

This is a variadic function which expects the 'act->buf' position
to contain a format string and any trailing arguments to be the
values passed to the formatter. Since act->buf is the value of
what we passed in, some data inadvertently contains format strings,
and since it is a writable segment, the program crashes. Here is
an example of a crash-causing call:

    http://localhost/osrf-gateway-v1?service=test&method=test&param=%22%251n%22

The param is interpreted as "%1n" and abruptly fails.

The simple solution is to include a formatter so that our param gets
demoted to being mere data, i.e.:

    osrfLogActivity( OSRF_LOG_MARK, "%s", act->buf );

Signed-off-by: Dan Wells <dbw2@calvin.edu>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
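
The fix pattern described in the commit message above, as an added stand-alone example that is not OpenSRF code and not part of the original commit. The names log_activity, log_request and logged_verbatim are hypothetical stand-ins for a variadic logger and its caller, and the sample inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a variadic logger such as osrfLogActivity();
 * it formats into a caller-supplied buffer so the result can be inspected.
 * The format attribute (GCC/Clang) lets -Wformat-security flag any call
 * whose format argument is not a string literal. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int log_activity(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Fixed pattern from the commit: request data is passed as an argument to
 * a constant "%s" format, so any '%' sequences in it are copied verbatim. */
static int log_request(char *out, size_t outlen, const char *request_data)
{
    /* Vulnerable form (not executed here):
     *     log_activity(out, outlen, request_data);
     * would make the formatter interpret the request data itself. */
    return log_activity(out, outlen, "%s", request_data);
}

/* Returns 1 when the logged text is byte-for-byte the request data. */
static int logged_verbatim(const char *request_data)
{
    char line[256];
    int n = log_request(line, sizeof line, request_data);
    return n == (int)strlen(request_data) && strcmp(line, request_data) == 0;
}

int main(void)
{
    /* Constructed samples; the first is the decoded param from the commit message. */
    const char *samples[] = { "\"%1n\"", "100% done", "plain text" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %s\n", samples[i],
               logged_verbatim(samples[i]) ? "verbatim" : "altered");
    return 0;
}
```

Building callers of such a logger with -Wformat -Wformat-security makes the compiler report any remaining call site that passes non-literal data in the format position.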