This file is from eltopo but not compiled as a part of blender; eltopo itself is not used in release builds and can only be enabled as an experimental option: WITH_MOD_CLOTH_ELTOPO

On Tue, Oct 30, 2012 at 3:52 AM, Andres Gomez <[email protected]> wrote:
> Hi,
>
> There are multiple buffer overflows in the blender's external library
> eltopo in ObjLoader.cpp file. I have attached a report from flawfinder. I
> didn't check them all but there are several of them that are pretty
> obvious, for instance in line 349:
>
>     char* dir;
>     char* filename;
>     char buf[128];    ----> line 330
>     GLuint nummaterials, i;
>
>     dir = glmDirName(model->pathname);
>     filename = (char*)malloc(sizeof(char) * (strlen(dir) + strlen(name) + 1));
>     strcpy(filename, dir);
>     strcat(filename, name);
>     free(dir);
>
>     file = fopen(filename, "r");
>     if (!file) {
>         fprintf(stderr, "glmReadMTL() failed: can't open material file \"%s\".\n",
>                 filename);
>         exit(1);
>     }
>     free(filename);
>
>     /* count the number of materials in the file */
>     nummaterials = 1;
>     while(fscanf(file, "%s", buf) != EOF) {    ------> line 349
>         switch(buf[0]) {
>         case '#':    /* comment */
>             /* eat up rest of line */
>             fgets(buf, sizeof(buf), file);
>             break;
>         case 'n':    /* newmtl */
>             fgets(buf, sizeof(buf), file);
>             nummaterials++;
>             sscanf(buf, "%s %s", buf, buf);
>             break;
>
> If a very long string is read from an OBJ file it can overwrite buf in line
> 330, which could lead even to arbitrary code execution with a specially
> crafted OBJ file.
>
> Regards,
>
> Andres Gomez
>
> _______________________________________________
> Bf-committers mailing list
> [email protected]
> http://lists.blender.org/mailman/listinfo/bf-committers
>

--
- Campbell
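
A bounded form of the token loop quoted in the report, as an added example (not code from eltopo or from either poster): the `%s` conversion gets a field width of `sizeof(buf) - 1`, and the tail of an over-long token is drained so parsing resumes at the next token. The function names `count_materials` and `count_materials_in` are hypothetical, and matching the whole `newmtl` keyword rather than only the first character is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Discard the rest of the current line, however long it is. */
static void skip_line(FILE *f) {
    int c;
    while ((c = fgetc(f)) != EOF && c != '\n') { }
}

/* Count materials as the quoted loop does (starting at 1), with bounded reads. */
unsigned count_materials(FILE *f) {
    char buf[128];   /* same size as in the quoted code; field width is 128 - 1 */
    unsigned n = 1;
    int c;
    while (fscanf(f, "%127s", buf) == 1) {
        if (strlen(buf) == sizeof(buf) - 1) {   /* token may have been cut off */
            while ((c = fgetc(f)) != EOF && !isspace(c)) { }
            if (c != EOF) ungetc(c, f);
        }
        if (buf[0] == '#') {
            skip_line(f);                       /* comment */
        } else if (strcmp(buf, "newmtl") == 0) {
            n++;                                /* assumption: match whole keyword */
            skip_line(f);                       /* the name is not needed to count */
        }
    }
    return n;
}

/* Helper for this example: run the counter over a string via a temp file. */
unsigned count_materials_in(const char *text) {
    FILE *f = tmpfile();
    if (!f) return 0;
    fputs(text, f);
    rewind(f);
    unsigned n = count_materials(f);
    fclose(f);
    return n;
}

int main(void) {
    /* Constructed input: a 1000-character token between two materials. */
    char sample[1100] = "newmtl a\n";
    memset(sample + 9, 'A', 1000);
    strcpy(sample + 1009, "\n# newmtl hidden\nnewmtl b\n");
    printf("materials: %u\n", count_materials_in(sample));
    return 0;
}
```

Compiling with `-Wall -Wformat-security` and running the unbounded original under AddressSanitizer on the same constructed input is a quick way to confirm which call sites still need a width.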
