From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 22 Jun 2013 16:08:15 +0000 (+0100)
Subject: client/tripectl.c: Fix stupid format-string bugs.
X-Git-Tag: 1.0.0pre14~7
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/f7a19d392a4724b42dc8b8fc81f6ad13b7d40b9f?ds=sidebyside

client/tripectl.c: Fix stupid format-string bugs.

Possibly exploitable, but tripe's admin interface isn't usually a
security boundary.
---

diff --git a/client/tripectl.c b/client/tripectl.c
index e5f086fd..95f95f44 100644
--- a/client/tripectl.c
+++ b/client/tripectl.c
@@ -163,9 +163,9 @@ static void cline(char *p, size_t len, void *b)
   if (!q)
     return;
   if (strcmp(q, "WARN") == 0)
-    dolog(LOG_WARNING, p);
+    dolog(LOG_WARNING, "%s", p);
   else if (strcmp(q, "TRACE") == 0)
-    dolog(LOG_DEBUG, p);
+    dolog(LOG_DEBUG, "%s", p);
   else if (!(f & f_command))
     dolog(LOG_ERR, "unexpected output `%s %s'", q, p);
   else if (strcmp(q, "FAIL") == 0) {
@@ -285,7 +285,7 @@ static void logfile(const char *name)
     if (logfp)
       writelog("error", d.buf);
     else if (logname)
-      die(EXIT_FAILURE, d.buf);
+      die(EXIT_FAILURE, "%s", d.buf);
     if (f & f_syslog)
       syslog(LOG_ERR, "%s", d.buf);
     dstr_destroy(&d);