warnx?/errx? paranoia (use "%s" not a bare string unless it is a

constant).  These are not security holes but it is worth fixing
them anyway both for robustness and so folks looking for examples
in the tree are not misled into doing something potentially dangerous.
Furthermore, it is a bad idea to assume that pathnames will not
include '%' in them and that error routines don't return strings
with '%' in them (especially in light of the possibility of locales).

1 files changed, 3 insertions, 3 deletions

diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
index 6b887364eb8..bc307e5f862 100644
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fetch.c,v 1.32 2000/05/25 16:09:26 itojun Exp $	*/
+/*	$OpenBSD: fetch.c,v 1.33 2000/06/30 16:00:15 millert Exp $	*/
 /*	$NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $	*/
 
 /*-
@@ -38,7 +38,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$OpenBSD: fetch.c,v 1.32 2000/05/25 16:09:26 itojun Exp $";
+static char rcsid[] = "$OpenBSD: fetch.c,v 1.33 2000/06/30 16:00:15 millert Exp $";
 #endif /* not lint */
 
 /*
@@ -338,7 +338,7 @@ again:
 	}
 	freeaddrinfo(res0);
 	if (s < 0) {
-		warn(cause);
+		warn("%s", cause);
 		goto cleanup_url_get;
 	}