From b643bb9badf4a995d989b8daf3e33ba8ee6ffda2 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 30 Jun 2000 16:00:30 +0000 Subject: warnx?/errx? paranoia (use "%s" not a bare string unless it is a constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales). --- bin/dd/conv.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'bin/dd') diff --git a/bin/dd/conv.c b/bin/dd/conv.c index f1853cf7dd7..bccf281e865 100644 --- a/bin/dd/conv.c +++ b/bin/dd/conv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conv.c,v 1.5 1997/02/14 07:05:19 millert Exp $ */ +/* $OpenBSD: conv.c,v 1.6 2000/06/30 16:00:04 millert Exp $ */ /* $NetBSD: conv.c,v 1.6 1996/02/20 19:29:02 jtc Exp $ */ /*- @@ -42,7 +42,7 @@ #if 0 static char sccsid[] = "@(#)conv.c 8.3 (Berkeley) 4/2/94"; #else -static char rcsid[] = "$OpenBSD: conv.c,v 1.5 1997/02/14 07:05:19 millert Exp $"; +static char rcsid[] = "$OpenBSD: conv.c,v 1.6 2000/06/30 16:00:04 millert Exp $"; #endif #endif /* not lint */ @@ -101,10 +101,10 @@ def_close() /* Build a smaller version (i.e. for a miniroot) */ /* These can not be called, but just in case... */ static char no_block[] = "unblock and -DNO_CONV?"; -void block() { errx(1, no_block + 2); } -void block_close() { errx(1, no_block + 2); } -void unblock() { errx(1, no_block); } -void unblock_close() { errx(1, no_block); } +void block() { errx(1, "%s", no_block + 2); } +void block_close() { errx(1, "%s", no_block + 2); } +void unblock() { errx(1, "%s", no_block); } +void unblock_close() { errx(1, "%s", no_block); } #else /* NO_CONV */ /* -- cgit v1.2.3