plug string format vulnerability.

2 files changed, 52 insertions, 0 deletions

diff --git a/editors/nvi-m17n/patches/patch-ac b/editors/nvi-m17n/patches/patch-ac
new file mode 100644
index 00000000000..545ade50c01
--- /dev/null
+++ b/editors/nvi-m17n/patches/patch-ac
@@ -0,0 +1,30 @@
+$NetBSD: patch-ac,v 1.1 2001/10/25 07:46:29 itojun Exp $
+
+--- ../ex/ex_cscope.c.orig	Mon Sep 16 04:59:30 1996
++++ ../ex/ex_cscope.c	Thu Oct 25 16:43:51 2001
+@@ -232,14 +232,14 @@
+ 	 * name regardless so that we can use it as a base for searches.
+ 	 */
+ 	if (stat(dname, &sb)) {
+-		msgq(sp, M_SYSERR, dname);
++		msgq(sp, M_SYSERR, "%s", dname);
+ 		return (1);
+ 	}
+ 	if (S_ISDIR(sb.st_mode)) {
+ 		(void)snprintf(path, sizeof(path),
+ 		    "%s/%s", dname, CSCOPE_DBFILE);
+ 		if (stat(path, &sb)) {
+-			msgq(sp, M_SYSERR, path);
++			msgq(sp, M_SYSERR, "%s", path);
+ 			return (1);
+ 		}
+ 		dbname = CSCOPE_DBFILE;
+@@ -762,7 +762,7 @@
+ 
+ io_err:	if (feof(csc->from_fp))
+ 		errno = EIO;
+-	msgq_str(sp, M_SYSERR, "%s", csc->dname);
++	msgq_str(sp, M_SYSERR, csc->dname, "%s");
+ 	terminate(sp, csc, 0);
+ 	return (1);
+ }
diff --git a/editors/nvi-m17n/patches/patch-ad b/editors/nvi-m17n/patches/patch-ad
new file mode 100644
index 00000000000..8eae1670618
--- /dev/null
+++ b/editors/nvi-m17n/patches/patch-ad
@@ -0,0 +1,22 @@
+$NetBSD: patch-ad,v 1.1 2001/10/25 07:46:29 itojun Exp $
+
+--- ../common/exf.c.orig	Thu Oct 25 16:43:16 2001
++++ ../common/exf.c	Thu Oct 25 16:43:52 2001
+@@ -887,7 +887,7 @@
+ 	 * Note that this code is harmless if you're using libc 4.6.x.
+ 	 */
+ 	if (LF_ISSET(FS_APPEND) && lseek(fd, (off_t)0, SEEK_END) < 0) {
+-		msgq(sp, M_SYSERR, name);
++		msgq(sp, M_SYSERR, "%s", name);
+ 		return (1);
+ 	}
+ #endif
+@@ -1004,7 +1004,7 @@
+ 			*--s = '.';
+ 		}
+ 	}
+-	msgq(sp, M_INFO, s);
++	msgq(sp, M_INFO, "%s", s);
+ 	if (nf)
+ 		FREE_SPACE(sp, p, 0);
+ 	return (0);