chiark / gitweb /
client/tripectl.c: Fix stupid format-string bugs.
authorMark Wooding <mdw@distorted.org.uk>
Sat, 22 Jun 2013 16:08:15 +0000 (17:08 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Fri, 12 Jul 2013 09:38:56 +0000 (10:38 +0100)
Possibly exploitable, but tripe's admin interface isn't usually a
security boundary.

client/tripectl.c

index e5f086f..95f95f4 100644 (file)
@@ -163,9 +163,9 @@ static void cline(char *p, size_t len, void *b)
   if (!q)
     return;
   if (strcmp(q, "WARN") == 0)
-    dolog(LOG_WARNING, p);
+    dolog(LOG_WARNING, "%s", p);
   else if (strcmp(q, "TRACE") == 0)
-    dolog(LOG_DEBUG, p);
+    dolog(LOG_DEBUG, "%s", p);
   else if (!(f & f_command))
     dolog(LOG_ERR, "unexpected output `%s %s'", q, p);
   else if (strcmp(q, "FAIL") == 0) {
@@ -285,7 +285,7 @@ static void logfile(const char *name)
     if (logfp)
       writelog("error", d.buf);
     else if (logname)
-      die(EXIT_FAILURE, d.buf);
+      die(EXIT_FAILURE, "%s", d.buf);
     if (f & f_syslog)
       syslog(LOG_ERR, "%s", d.buf);
     dstr_destroy(&d);