Description: Fix build failures with -Werror=format-security
The change to ntp_config.c is merely pacifying GCC, since signd_warning is
a constant string containing no '%' characters. In the other cases, it is
much more difficult to prove that the format string cannot contain any '%'
characters.
Author: Colin Watson <cjwatson@ubuntu.com>
Last-Update: 2011-05-20
--- a/lib/isc/unix/ifiter_ioctl.c
+++ b/lib/isc/unix/ifiter_ioctl.c
@@ -159,7 +159,7 @@ getbuf4(isc_interfaceiter_t *iter) {
break;
}
if (iter->bufsize >= IFCONF_BUFSIZE_MAX) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
+ UNEXPECTED_ERROR(__FILE__, __LINE__, "%s",
isc_msgcat_get(isc_msgcat,
ISC_MSGSET_IFITERIOCTL,
ISC_MSG_BUFFERMAX,
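Review bot: Only the call sites that pass catalog text with no further arguments are covered by this fix, because -Wformat-security stays silent when a non-literal format is followed by arguments. Any other UNEXPECTED_ERROR call in this file that passes `isc_msgcat_get(...)` as the format together with arguments would not have failed the build and is not visible in this patch, so it deserves a separate audit. For this hunk and the identical one in getbuf6, a short comment such as `/* catalog text is run-time data; pass it as an argument, not as the format */` would keep the `"%s"` from being removed as redundant later. The call's argument list continues past the end of the hunk.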
@@ -260,7 +260,7 @@ getbuf6(isc_interfaceiter_t *iter) {
break;
}
if (iter->bufsize6 >= IFCONF_BUFSIZE_MAX) {
- UNEXPECTED_ERROR(__FILE__, __LINE__,
+ UNEXPECTED_ERROR(__FILE__, __LINE__, "%s",
isc_msgcat_get(isc_msgcat,
ISC_MSGSET_IFITERIOCTL,
ISC_MSG_BUFFERMAX,
--- a/ntpd/ntp_config.c
+++ b/ntpd/ntp_config.c
@@ -2326,7 +2326,7 @@ config_access(
if ((RES_MSSNTP & flags) && !warned_signd) {
warned_signd = 1;
fprintf(stderr, "%s\n", signd_warning);
- msyslog(LOG_WARNING, signd_warning);
+ msyslog(LOG_WARNING, "%s", signd_warning);
}
}
}
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -2948,7 +2948,7 @@ report_event(
" %s", str);
}
NLOG(NLOG_SYSEVENT)
- msyslog(LOG_INFO, statstr);
+ msyslog(LOG_INFO, "%s", statstr);
} else {
/*
@@ -2980,7 +2980,7 @@ report_event(
" %s", str);
}
NLOG(NLOG_PEEREVENT)
- msyslog(LOG_INFO, statstr);
+ msyslog(LOG_INFO, "%s", statstr);
}
record_proto_stats(statstr);
#if DEBUG
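Review bot: `record_proto_stats(statstr);` right after the fixed call still receives the same buffer, and its definition is not part of this patch, so it should be confirmed that it writes the string through a fixed format and never uses it as one. In both hunks of report_event, statstr has `str` appended via `" %s", str`, and where `str` originates is not visible here, so the buffer cannot be assumed free of '%' characters. If the callee is safe, a one-line comment at the call, `/* statstr is data, not a format */`, would document that. report_event starts and ends outside both hunks.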
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -1284,7 +1284,7 @@ library_fatal_error(const char *file, in
msyslog(LOG_ERR, "%s:%d: fatal error:", file, line);
vsnprintf(errbuf, sizeof(errbuf), format, args);
- msyslog(LOG_ERR, errbuf);
+ msyslog(LOG_ERR, "%s", errbuf);
msyslog(LOG_ERR, "exiting (due to fatal error in library)");
abort();
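Review bot: The return value of `vsnprintf(errbuf, sizeof(errbuf), format, args)` is discarded in library_fatal_error, so a library message longer than errbuf is logged truncated with nothing to show it. library_unexpected_error in the next hunk has the same pattern. Capturing the result in an `int n` and adding `if (n < 0 || (size_t)n >= sizeof(errbuf)) msyslog(LOG_ERR, "(previous message truncated)");` would make the loss visible in the log. The declaration of errbuf and the start of both functions lie outside the hunks.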
@@ -1306,7 +1306,7 @@ library_unexpected_error(const char *fil
msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line);
vsnprintf(errbuf, sizeof(errbuf), format, args);
- msyslog(LOG_ERR, errbuf);
+ msyslog(LOG_ERR, "%s", errbuf);
if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS)
{