Message ID | 1231776487-21240-1-git-send-email-vapier@gentoo.org |
---|---|
State | Accepted, archived |
Commit | e95a99a2c5ffb5ae1bf0f69bc553f591e57815e2 |

On Mon, 2009-01-12 at 11:08 -0500, Mike Frysinger wrote:
> When building with gcc security warnings enabled, the ubimirror.c code
> triggers this warning:
> ./src/ubimirror.c: In function 'main':
> ./src/ubimirror.c:206: error: format not a string literal and no format arguments
>
> Since the buffer in question should be a straight string anyways, avoid
> ugly printf exploits by outputting the string indirectly:
> 	printf("%s", buffer)
>
> Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Both patches are applied, thank you!

diff --git a/ubi-utils/src/ubimirror.c b/ubi-utils/src/ubimirror.c index 2cc4596..a20e1af 100644 --- a/ubi-utils/src/ubimirror.c +++ b/ubi-utils/src/ubimirror.c @@ -203,7 +203,7 @@ main(int argc, char **argv) { err_buf, sizeof(err_buf)); if( rc ){ err_buf[sizeof err_buf - 1] = '\0'; - fprintf(stderr, err_buf); + fprintf(stderr, "%s", err_buf); if( rc < 0 ) rc = -rc; }
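
Review bot: at the changed call, `fprintf(stderr, "%s", err_buf);`, consider `fputs(err_buf, stderr);` instead, since it writes the same bytes with no format parsing at all and so the warning cannot return if the line is edited later. The commit message gives the fix as `printf("%s", buffer)` while the hunk uses `fprintf(stderr, ...)` on `err_buf`; wording the message to match the code would make the log easier to search. The context lines also mix `sizeof(err_buf)` and `sizeof err_buf` two lines apart, which could be made consistent while this block is being touched.
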
When building with gcc security warnings enabled, the ubimirror.c code
triggers this warning:
./src/ubimirror.c: In function 'main':
./src/ubimirror.c:206: error: format not a string literal and no format arguments

Since the buffer in question should be a straight string anyways, avoid
ugly printf exploits by outputting the string indirectly:
	printf("%s", buffer)

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

---
 ubi-utils/src/ubimirror.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)