From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 7 Jul 2024 18:15:15 +0000 (+0100)
Subject: tmpdir.c: Don't pass unvetted strings as a format string.
X-Git-Tag: 1.2.5~2
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/checkpath/commitdiff_plain/7b5e7899240bb934fa8ee9844ebdadca0a097add

tmpdir.c: Don't pass unvetted strings as a format string.

Not actually a security problem because the temporary directory is
under the user's control, but it's still rather incompetent.  Sorry.
---

diff --git a/tmpdir.c b/tmpdir.c
index 0bf51d3..bcebf8d 100644
--- a/tmpdir.c
+++ b/tmpdir.c
@@ -76,7 +76,7 @@ static void complain(const char *p, const char *msg, int err)
   if (!cp.cp_verbose) return;
   dstr_putf(&d, "Path: %s: %s", p, msg);
   if (err) dstr_putf(&d, ": %s", strerror(err));
-  moan(d.buf);
+  moan("%s", d.buf);
   dstr_destroy(&d);
 }