diff options
Diffstat (limited to 'debian/patches/71_ftbfs_format_security.patch')
-rw-r--r-- | debian/patches/71_ftbfs_format_security.patch | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/debian/patches/71_ftbfs_format_security.patch b/debian/patches/71_ftbfs_format_security.patch new file mode 100644 index 0000000..08be8c7 --- /dev/null +++ b/debian/patches/71_ftbfs_format_security.patch @@ -0,0 +1,108 @@ +--- + lib/argp-parse.c | 2 +- + telnet/utilities.c | 36 ++++++++++++++++++------------------ + 2 files changed, 19 insertions(+), 19 deletions(-) + +--- a/telnet/utilities.c ++++ b/telnet/utilities.c +@@ -876,7 +876,7 @@ printsub (char direction, unsigned char + fprintf (NetTrace, "INFO "); + env_common: + { +- register int noquote = 2; ++ const char *quote = ""; + #if defined ENV_HACK && defined OLD_ENVIRON + extern int old_env_var, old_env_value; + #endif +@@ -891,15 +891,15 @@ printsub (char direction, unsigned char + { + # ifdef ENV_HACK + if (old_env_var == OLD_ENV_VALUE) +- fprintf (NetTrace, "\" (VALUE) " + noquote); ++ fprintf (NetTrace, "%s(VALUE) ", quote); + else + # endif +- fprintf (NetTrace, "\" VAR " + noquote); ++ fprintf (NetTrace, "%sVAR ", quote); + } + else + #endif /* OLD_ENVIRON */ +- fprintf (NetTrace, "\" VALUE " + noquote); +- noquote = 2; ++ fprintf (NetTrace, "%sVALUE ", quote); ++ quote = ""; + break; + + case NEW_ENV_VAR: +@@ -909,47 +909,47 @@ printsub (char direction, unsigned char + { + # ifdef ENV_HACK + if (old_env_value == OLD_ENV_VAR) +- fprintf (NetTrace, "\" (VAR) " + noquote); ++ fprintf (NetTrace, "%s(VAR) ", quote); + else + # endif +- fprintf (NetTrace, "\" VALUE " + noquote); ++ fprintf (NetTrace, "%sVALUE ", quote); + } + else + #endif /* OLD_ENVIRON */ +- fprintf (NetTrace, "\" VAR " + noquote); +- noquote = 2; ++ fprintf (NetTrace, "%sVAR ", quote); ++ quote = ""; + break; + + case ENV_ESC: +- fprintf (NetTrace, "\" ESC " + noquote); +- noquote = 2; ++ fprintf (NetTrace, "%sESC ", quote); ++ quote = ""; + break; + + case ENV_USERVAR: +- fprintf (NetTrace, "\" USERVAR " + noquote); +- noquote = 2; ++ fprintf (NetTrace, "%sUSERVAR ", quote); ++ quote = ""; + break; + + default: + if (isprint (pointer[i]) && pointer[i] != '"') + { +- if (noquote) ++ if (quote[0] == '\0') + { + putc ('"', NetTrace); +- noquote = 0; ++ quote = "\" "; + } + putc (pointer[i], NetTrace); + } + else + { +- fprintf (NetTrace, "\" %03o " + noquote, ++ fprintf (NetTrace, "%s%03o ", quote, + pointer[i]); +- noquote = 2; ++ quote = ""; + } + break; + } + } +- if (!noquote) ++ if (quote[0] != '\0') + putc ('"', NetTrace); + break; + } +--- a/lib/argp-parse.c ++++ b/lib/argp-parse.c +@@ -154,7 +154,7 @@ argp_version_parser (int key, char *arg, + else if (argp_program_version) + fprintf (state->out_stream, "%s\n", argp_program_version); + else +- __argp_error (state, dgettext (state->root_argp->argp_domain, ++ __argp_error (state, "%s", dgettext (state->root_argp->argp_domain, + "(PROGRAM ERROR) No version known!?")); + if (! (state->flags & ARGP_NO_EXIT)) + exit (0); |