From 106560b719c6052f62ad908e2c0fa8a8c50fc5f6 Mon Sep 17 00:00:00 2001
From: Jeremy Koritzinsky
Date: Tue, 16 Sep 2025 15:49:54 -0700
Subject: [PATCH] Prevent format injection in hosting Windows PAL printf functions when redirected to file

---
 src/native/corehost/hostmisc/pal.windows.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/native/corehost/hostmisc/pal.windows.cpp b/src/native/corehost/hostmisc/pal.windows.cpp
index dacafb182899ec..15ef33e7d99900 100644
--- a/src/native/corehost/hostmisc/pal.windows.cpp
+++ b/src/native/corehost/hostmisc/pal.windows.cpp
@@ -22,6 +22,14 @@ void pal::file_vprintf(FILE* f, const pal::char_t* format, va_list vl)
 }
 namespace
 {
+    void file_printf(FILE* fallbackFileHandle, const pal::char_t* format, ...)
+    {
+        va_list args;
+        va_start(args, format);
+        pal::file_vprintf(fallbackFileHandle, format, args);
+        va_end(args);
+    }
+
     void print_line_to_handle(const pal::char_t* message, HANDLE handle, FILE* fallbackFileHandle)
     {
         // String functions like vfwprintf convert wide to multi-byte characters as if wcrtomb were called - that is, using the current C locale (LC_TYPE).
         // In order to properly print UTF-8 and GB18030 characters to the console without requiring the user to use chcp to a compatible locale, we use WriteConsoleW.
@@ -33,7 +41,7 @@ namespace
     {
     {
         // We use file_vprintf to handle UTF-8 formatting. The WriteFile api will output the bytes directly with Unicode bytes,
         // while pal::file_vprintf will convert the characters to UTF-8.
-        pal::file_vprintf(fallbackFileHandle, message, va_list());
+        file_printf(fallbackFileHandle, _X("%s"), message);
     }
     else
     {
         ::WriteConsoleW(handle, message, (int)pal::strlen(message), NULL, NULL);
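Review bot: The new `file_printf` helper has no comment saying why a variadic shim over `pal::file_vprintf` exists, and its first parameter is named `fallbackFileHandle` although the helper has no fallback role; name it `f` to match `pal::file_vprintf(FILE* f, ...)` in the hunk header and add `// Variadic shim: lets a caller hand pal::file_vprintf a fixed, trusted format string and pass untrusted text as an argument instead of as the format.` Because this is the Windows-only PAL, marking the parameter `_Printf_format_string_ const pal::char_t* format` would let the MSVC analyzer check that call sites pass a literal format — assuming sal.h is already in scope through the Windows headers, which this hunk does not show. The helper is defined entirely inside the hunk.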
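Review bot: The comment above the changed call still describes only the UTF-8 conversion and says nothing about why `message` is now passed as an argument rather than as the format string, so the injection fix is one "simplification" away from being reverted back to `pal::file_vprintf(fallbackFileHandle, message, ...)`; add `// message may contain untrusted text (paths, environment values) with '%' sequences, so it must never be used as the format string.` Separately, `%s` in the wide CRT functions means `wchar_t*` only under MSVC's default wide-specifier semantics, while `%ls` means the same on every CRT; if the hosting code's format conventions allow it, `_X("%ls")` would make the intent explicit and survive a change of CRT settings. print_line_to_handle starts in the previous hunk and its end is outside this one.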