sblim-gather/sblim-gather-2.2.8-format-security.patch

60 lines
2.1 KiB
Diff
Raw Normal View History

diff -up sblim-gather-2.2.8/comms/rcctest.c.orig sblim-gather-2.2.8/comms/rcctest.c
--- sblim-gather-2.2.8/comms/rcctest.c.orig 2014-02-04 12:53:25.036297751 +0100
+++ sblim-gather-2.2.8/comms/rcctest.c 2014-02-04 12:53:43.738362560 +0100
@@ -42,7 +42,7 @@ int main(int argc, char *argv[])
if (argc == 1) {
gethostname((char*)&hostname,sizeof(hostname));
} else {
- sprintf(hostname,argv[1]);
+ sprintf(hostname,"%s",argv[1]);
}
printf("Contacting %s\n",hostname);
if (rcc_init(hostname,&port) < 0 ) {
diff -up sblim-gather-2.2.8/gatherctl.c.orig sblim-gather-2.2.8/gatherctl.c
--- sblim-gather-2.2.8/gatherctl.c.orig 2013-02-12 02:08:25.000000000 +0100
+++ sblim-gather-2.2.8/gatherctl.c 2014-02-04 12:53:06.888233912 +0100
@@ -146,5 +146,5 @@ static void printhelp()
{
int i;
for (i=0;commands[i];i++)
- printf(commands[i]);
+ printf("%s",commands[i]);
}
diff -up sblim-gather-2.2.8/reposctl.c.orig sblim-gather-2.2.8/reposctl.c
--- sblim-gather-2.2.8/reposctl.c.orig 2013-02-12 02:08:25.000000000 +0100
+++ sblim-gather-2.2.8/reposctl.c 2014-02-04 12:53:06.888233912 +0100
@@ -271,7 +271,7 @@ static void printhelp()
{
int i;
for (i=0;commands[i];i++)
- printf(commands[i]);
+ printf("%s",commands[i]);
}
static void printvalue(ValueRequest *vr)
@@ -317,7 +317,7 @@ static void printvalue(ValueRequest *vr)
printf("%f",*(double*)vr->vsValues[i].viValue);
break;
case MD_STRING:
- printf(vr->vsValues[i].viValue);
+ printf("%s",vr->vsValues[i].viValue);
break;
default:
printf("datatype %0x not supported",vr->vsDataType);
diff -up sblim-gather-2.2.8/util/mlog.c.orig sblim-gather-2.2.8/util/mlog.c
--- sblim-gather-2.2.8/util/mlog.c.orig 2013-02-12 02:08:25.000000000 +0100
+++ sblim-gather-2.2.8/util/mlog.c 2014-02-04 12:53:06.888233912 +0100
@@ -52,10 +52,10 @@ void m_log(int priority, int errout, con
va_start(ap,fmt);
vsnprintf(buf,4096,fmt,ap);
- syslog(priosysl,buf);
+ syslog(priosysl,"%s",buf);
if (errout) {
- fprintf(stderr,buf);
+ fprintf(stderr,"%s",buf);
}
va_end(ap);
}