BUGTRAQ ID: 30189
CVE(CAN) ID: CVE-2008-2304
Xcode是苹果机器上所使用的开发工具。
Xcode工具中包含有名为Core Image Fun House的示例应用程序,用于处理带有.funhouse扩展名的内容。Funhouse应用没有正确地解析XML数据,如果用户受骗打开了特制的.funhouse文件的话,就可能触发缓冲区溢出。以下是负责解析上述文件的代码:
// render origin handles using AppKit directly
- - (CIImage *)drawPoints:(CIImage *)im
{
...
~ NSString *str, *str2, *localizedParameter;
...
~ else if ([type isEqualToString:@"image"])
~ {
~ // image effect stack element
~ // show an image origin (in its center)
~ CGRect r = [[es imageAtIndex:i] extent];
~ NSPoint offset = [es offsetAtIndex:i];
~ pt.x = offset.x + (r.origin.x + r.size.width * 0.5);
~ pt.y = offset.y + (r.origin.y + r.size.height * 0.5);
~ str = [[es filenameAtIndex:i] stringByAppendingString:@"
center"];
~ [self drawPoint:pt label:str intoContext:cg];
~ }
}
上述代码会调用以下代码:
/*
~ Drawing
*/
// draw an onscreen handle for an image origin, text origin, or filter point
// the handle is a "center symbol" - a circle with crosshairs through it.
// the handle is labelled with the string "str".
// all items are "shadowed"
- - (void)drawPoint:(NSPoint)pt label:(NSString *)str
intoContext:(CGContextRef)cg
{
...
~ char cstr[256];
...
~ if (!movingNow)
~ {
~ [str getCString:cstr]; <-- Vulnerability Exists Here
Apple XCode 2.0 - 3.0
临时解决方法:
* 用[str getCString:cstr maxLength:254]替换有漏洞代码段中的[str getCString:cstr]。
厂商补丁:
Apple
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=http://www.apple.com target=_blank>http://www.apple.com</a>
暂无评论