Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix crash when running disconnect %%s #554

Merged
merged 2 commits into from
Oct 2, 2023
Merged

Fix crash when running disconnect %%s #554

merged 2 commits into from
Oct 2, 2023

Conversation

ASpoonPlaysGames
Copy link
Contributor

@ASpoonPlaysGames ASpoonPlaysGames commented Sep 16, 2023
edited by GeckoEidechse
Loading

Closes #552

Basically we were running a string format and then passing the string to the original function, which would then try and format it again (and get bad args). By passing "%s" and then our formatted string we basically just protect the vanilla string format

@ASpoonPlaysGames ASpoonPlaysGames added needs testing Changes from the PR still need to be tested needs code review Changes from PR still need to be reviewed in code labels Sep 16, 2023
@Mauler125
Copy link
Contributor

Code looks good, should be merged as this will fix potential security problems from taking place in the engine.
A further analysis of the code base is recommended for uncontrolled format strings or similar code bugs (requires /Wall to see).

@ASpoonPlaysGames
Copy link
Contributor Author

Whoever merges this should add @Mauler125 as coauthor :)
(I forgot when making the commit)

@ASpoonPlaysGames ASpoonPlaysGames removed the needs code review Changes from PR still need to be reviewed in code label Sep 16, 2023
F1F7Y
F1F7Y approved these changes Sep 17, 2023
View reviewed changes
Copy link
Member

@F1F7Y F1F7Y left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works, changes look good.

Preferably #553 should be implemented

@ASpoonPlaysGames ASpoonPlaysGames added READY TO MERGE This mergeable right now and removed needs testing Changes from the PR still need to be tested labels Sep 17, 2023
Alystrasz
Alystrasz approved these changes Sep 26, 2023
View reviewed changes
Copy link
Contributor

@Alystrasz Alystrasz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Running disconnect %%s does not crash the client with this.

GeckoEidechse
GeckoEidechse approved these changes Oct 2, 2023
View reviewed changes
Copy link
Member

@GeckoEidechse GeckoEidechse left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed working in testing by running disconnect %%s with and without the PR (with prints %s, without crashes). No code review done.

@GeckoEidechse GeckoEidechse merged commit d6f0cd5 into R2Northstar:main Oct 2, 2023
2 checks passed
@GeckoEidechse
Copy link
Member

Whoever merges this should add @Mauler125 as coauthor :)
(I forgot when making the commit)

Done o7

@GeckoEidechse GeckoEidechse mentioned this pull request Oct 3, 2023
Closed
@ASpoonPlaysGames ASpoonPlaysGames deleted the disconnect-crash branch January 4, 2024 18:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@F1F7Y F1F7Y F1F7Y approved these changes

@GeckoEidechse GeckoEidechse GeckoEidechse approved these changes

@Alystrasz Alystrasz Alystrasz approved these changes

Assignees
No one assigned
Labels
READY TO MERGE This mergeable right now
Projects
Northstar Roadmap
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Running disconnect with string format specifiers does weird things
5 participants
@ASpoonPlaysGames @Mauler125 @GeckoEidechse @Alystrasz @F1F7Y