From b643bb9badf4a995d989b8daf3e33ba8ee6ffda2 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <millert@cvs.openbsd.org>
Date: Fri, 30 Jun 2000 16:00:30 +0000
Subject: warnx?/errx? paranoia (use "%s" not a bare string unless it is a
 constant).  These are not security holes but it is worth fixing them anyway
 both for robustness and so folks looking for examples in the tree are not
 misled into doing something potentially dangerous. Furthermore, it is a bad
 idea to assume that pathnames will not include '%' in them and that error
 routines don't return strings with '%' in them (especially in light of the
 possibility of locales).

---
 bin/chmod/chmod.c |  6 +++---
 bin/dd/conv.c     | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

(limited to 'bin')

diff --git a/bin/chmod/chmod.c b/bin/chmod/chmod.c
index 2fb32b07e81..7b0031cd8f7 100644
--- a/bin/chmod/chmod.c
+++ b/bin/chmod/chmod.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: chmod.c,v 1.9 2000/06/09 17:50:16 mickey Exp $	*/
+/*	$OpenBSD: chmod.c,v 1.10 2000/06/30 16:00:03 millert Exp $	*/
 /*	$NetBSD: chmod.c,v 1.12 1995/03/21 09:02:09 cgd Exp $	*/
 
 /*
@@ -44,7 +44,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)chmod.c	8.8 (Berkeley) 4/1/94";
 #else
-static char rcsid[] = "$OpenBSD: chmod.c,v 1.9 2000/06/09 17:50:16 mickey Exp $";
+static char rcsid[] = "$OpenBSD: chmod.c,v 1.10 2000/06/30 16:00:03 millert Exp $";
 #endif
 #endif /* not lint */
 
@@ -237,7 +237,7 @@ done:	argv += optind;
 		}
 		if (ischmod && chmod(p->fts_accpath, oct ? omode :
 		    getmode(set, p->fts_statp->st_mode)) && !fflag) {
-			warn(p->fts_path);
+			warn("%s", p->fts_path);
 			rval = 1;
 		} else if (!ischmod &&
 		    (hflag ? lchown(p->fts_accpath, uid, gid) :
diff --git a/bin/dd/conv.c b/bin/dd/conv.c
index f1853cf7dd7..bccf281e865 100644
--- a/bin/dd/conv.c
+++ b/bin/dd/conv.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: conv.c,v 1.5 1997/02/14 07:05:19 millert Exp $	*/
+/*	$OpenBSD: conv.c,v 1.6 2000/06/30 16:00:04 millert Exp $	*/
 /*	$NetBSD: conv.c,v 1.6 1996/02/20 19:29:02 jtc Exp $	*/
 
 /*-
@@ -42,7 +42,7 @@
 #if 0
 static char sccsid[] = "@(#)conv.c	8.3 (Berkeley) 4/2/94";
 #else
-static char rcsid[] = "$OpenBSD: conv.c,v 1.5 1997/02/14 07:05:19 millert Exp $";
+static char rcsid[] = "$OpenBSD: conv.c,v 1.6 2000/06/30 16:00:04 millert Exp $";
 #endif
 #endif /* not lint */
 
@@ -101,10 +101,10 @@ def_close()
 /* Build a smaller version (i.e. for a miniroot) */
 /* These can not be called, but just in case...  */
 static char no_block[] = "unblock and -DNO_CONV?";
-void block()       { errx(1, no_block + 2); }
-void block_close() { errx(1, no_block + 2); }
-void unblock()       { errx(1, no_block); }
-void unblock_close() { errx(1, no_block); }
+void block()       { errx(1, "%s", no_block + 2); }
+void block_close() { errx(1, "%s", no_block + 2); }
+void unblock()       { errx(1, "%s", no_block); }
+void unblock_close() { errx(1, "%s", no_block); }
 #else	/* NO_CONV */
 
 /*
-- 
cgit v1.2.3