>From bfd90cc05ffdd1b1582493b212f1b42f49e49429 Mon Sep 17 00:00:00 2001
From: Manuel Zerpies <[email protected]>
Date: Thu, 16 Aug 2012 11:36:15 +0200
Subject: [PATCH] fix literal error warning
This patch fixes security issues caused by userinput and format-strings.
Signed-off-by: Manuel Zerpies <[email protected]>
---
Hey guys, this patch fixes security issues. In the first case userinput is directly printed which is harmful. In the second case format-strings are printed without a string that belongs to it. Greets, Manuel
 coreutils/stat.c | 4 ++--
 libbb/dump.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/coreutils/stat.c b/coreutils/stat.c
index 3fb212f..f0a61d9 100644
--- a/coreutils/stat.c
+++ b/coreutils/stat.c
@@ -442,7 +442,7 @@ static bool do_statfs(const char *filename, const char *format)
 : getfilecon(filename, &scontext)
 ) < 0
 ) {
- bb_perror_msg(filename);
+ bb_perror_msg("%s", filename);
 return 0;
 }
 }
@@ -555,7 +555,7 @@ static bool do_stat(const char *filename, const char *format)
 : getfilecon(filename, &scontext)
 ) < 0
 ) {
- bb_perror_msg(filename);
+ bb_perror_msg("%s", filename);
 return 0;
 }
 }
diff --git a/libbb/dump.c b/libbb/dump.c
index 7e43564..91efe41 100644
--- a/libbb/dump.c
+++ b/libbb/dump.c
@@ -613,7 +613,7 @@ static void display(priv_dumper_t* dumper)
 printf(pr->fmt, (char *) bp);
 break;
 case F_TEXT:
- printf(pr->fmt);
+ printf("%s", pr->fmt);
 break;
 case F_U:
 conv_u(pr, bp);
@@ -663,7 +663,7 @@ static void display(priv_dumper_t* dumper)
 printf(pr->fmt, (unsigned) dumper->eaddress);
 break;
 case F_TEXT:
- printf(pr->fmt);
+ printf("%s", pr->fmt);
 break;
 }
 }
--
1.7.0.4
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
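Review bot: The new `bb_perror_msg("%s", filename);` in do_statfs (and the identical line in the do_stat hunk at -555) could be written as `bb_simple_perror_msg(filename);`, assuming this tree's libbb provides that helper, which keeps a caller-supplied path out of the format position by construction. filename reaches both calls unchanged from the function parameter, so before this change any `%` in a path was interpreted as a conversion; the new line closes that. Both functions start and end outside the hunks, so other bb_perror_msg/bb_error_msg calls in them whose first argument is a variable are not visible here and are worth a grep before calling the file clean.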
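Review bot: The context lines `printf(pr->fmt, (char *) bp);` (hunk at -613) and `printf(pr->fmt, (unsigned) dumper->eaddress);` (hunk at -663) still pass the runtime-built pr->fmt as the format, so the patch covers only the argument-less F_TEXT case. Whether those remaining calls are safe depends on the conversion checks done where pr->fmt is built, which is outside this diff. For F_TEXT itself, `printf("%s", pr->fmt);` also stops `%%` from being reduced to `%`, so output changes if a text segment can ever carry an escaped percent sign; that cannot be decided from the hunk, and a comment such as `/* F_TEXT segments never contain '%' */` next to the case would record the assumption once confirmed. `fputs(pr->fmt, stdout);` would do the same job without going through the formatter. display() starts and ends outside both hunks.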
