warnx?/errx? paranoia (use "%s" not a bare string unless it is a

constant).  These are not security holes but it is worth fixing
them anyway both for robustness and so folks looking for examples
in the tree are not misled into doing something potentially dangerous.
Furthermore, it is a bad idea to assume that pathnames will not
include '%' in them and that error routines don't return strings
with '%' in them (especially in light of the possibility of locales).

1 files changed, 5 insertions, 5 deletions

diff --git a/sbin/ping6/ping6.c b/sbin/ping6/ping6.c
index d8bc8cd27b9..c1b0edf3075 100644
--- a/sbin/ping6/ping6.c
+++ b/sbin/ping6/ping6.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ping6.c,v 1.8 2000/06/20 20:00:03 itojun Exp $	*/
+/*	$OpenBSD: ping6.c,v 1.9 2000/06/30 16:00:10 millert Exp $	*/
 /*	$KAME: ping6.c,v 1.55 2000/06/12 16:18:32 itojun Exp $	*/
 
 /*
@@ -554,9 +554,9 @@ main(argc, argv)
 #ifdef IPSEC_POLICY_IPSEC
 	if (options & F_POLICY) {
 		if (setpolicy(s, policy_in) < 0)
-			errx(1, ipsec_strerror());
+			errx(1, "%s", ipsec_strerror());
 		if (setpolicy(s, policy_out) < 0)
-			errx(1, ipsec_strerror());
+			errx(1, "%s", ipsec_strerror());
 	}
 #else
 	if (options & F_AUTHHDR) {
@@ -734,7 +734,7 @@ main(argc, argv)
 			struct addrinfo *iaip;
 
 			if ((error = getaddrinfo(argv[hops], NULL, &hints, &iaip)))
-				errx(1, gai_strerror(error));
+				errx(1, "%s", gai_strerror(error));
 			if (SIN6(res->ai_addr)->sin6_family != AF_INET6)
 				errx(1,
 				     "bad addr family of an intermediate addr");
@@ -1912,7 +1912,7 @@ setpolicy(so, policy)
 
 	buf = ipsec_set_policy(policy, strlen(policy));
 	if (buf == NULL)
-		errx(1, ipsec_strerror());
+		errx(1, "%s", ipsec_strerror());
 	if (setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY,
 			buf, ipsec_get_policylen(buf)) < 0)
 		warnx("Unable to set IPSec policy");