fixing format string vulnerability in email report code, #52945 (onliner patch, obviously correct, so marking stable)

2 files changed, 15 insertions, 0 deletions

diff --git a/app-admin/tripwire/files/digest-tripwire-2.3.1.2-r1 b/app-admin/tripwire/files/digest-tripwire-2.3.1.2-r1
new file mode 100644
index 000000000000..7bf1e05bec86
--- /dev/null
+++ b/app-admin/tripwire/files/digest-tripwire-2.3.1.2-r1
@@ -0,0 +1,2 @@
+MD5 6a15fe110565cef9ed33c1c7e070355e tripwire-2.3.1-2.tar.gz 1514955
+MD5 46659bfa3a1201757e070c51207de884 tripwire_2.3.1.2-6.1.diff.gz 608867
diff --git a/app-admin/tripwire/files/tripwire-format-string-email-report.diff b/app-admin/tripwire/files/tripwire-format-string-email-report.diff
new file mode 100644
index 000000000000..7e4f2676d4ef
--- /dev/null
+++ b/app-admin/tripwire/files/tripwire-format-string-email-report.diff
@@ -0,0 +1,13 @@
+diff -u -r1.1 -r1.2
+--- src/tripwire/pipedmailmessage.cpp   21 Jan 2001 00:46:48 -0000      1.1
++++ src/tripwire/pipedmailmessage.cpp   26 May 2004 20:59:15 -0000      1.2
+@@ -180,7 +180,7 @@
+
+ void cPipedMailMessage::SendString( const TSTRING& s )
+ {
+-    if( _ftprintf( mpFile, s.c_str() ) < 0 )
++    if( _ftprintf( mpFile, "%s", s.c_str() ) < 0 )
+     {
+         TOSTRINGSTREAM estr;
+         estr << TSS_GetString( cTripwire, tripwire::STR_ERR2_MAIL_MESSAGE_COMMAND
+)