Changeset 554a2b8


Ignore:
Timestamp:
Dec 6, 2008, 2:33:28 AM (9 years ago)
Author:
Anders Kaseorg <andersk@mit.edu>
Branches:
master, debian, release-1.4, release-1.5, release-1.6, release-1.7, release-1.8, release-1.9
Children:
6eaf35b
Parents:
2aaca94
git-author:
Anders Kaseorg <andersk@mit.edu> (12/06/08 01:42:34)
git-committer:
Anders Kaseorg <andersk@mit.edu> (12/06/08 02:33:28)
Message:
Fix format string injection bugs.
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • aim.c

    r3645317 r554a2b8  
    239239{
    240240  if (message) {
    241     owl_function_error(message);
     241    owl_function_error("%s", message);
    242242  } else {
    243243    owl_function_error("Authentication error on login");
     
    16981698 
    16991699  /* printf("snac threw error (reason 0x%04x: %s)\n", reason, (reason<msgerrreasonslen)?msgerrreasons[reason]:"unknown"); */
    1700   if (reason<msgerrreasonslen) owl_function_error(msgerrreasons[reason]);
     1700  if (reason<msgerrreasonslen) owl_function_error("%s", msgerrreasons[reason]);
    17011701 
    17021702  return 1;
     
    17151715 
    17161716  /* printf("message to %s bounced (reason 0x%04x: %s)\n", destsn, reason, (reason<msgerrreasonslen)?msgerrreasons[reason]:"unknown"); */
    1717   if (reason<msgerrreasonslen) owl_function_error(msgerrreasons[reason]);
     1717  if (reason<msgerrreasonslen) owl_function_error("%s", msgerrreasons[reason]);
    17181718
    17191719  if (reason==4) {
     
    17361736 
    17371737  /* printf("user information for %s unavailable (reason 0x%04x: %s)\n", destsn, reason, (reason<msgerrreasonslen)?msgerrreasons[reason]:"unknown"); */
    1738   if (reason<msgerrreasonslen) owl_function_error(msgerrreasons[reason]);
     1738  if (reason<msgerrreasonslen) owl_function_error("%s", msgerrreasons[reason]);
    17391739 
    17401740  return 1;
  • commands.c

    r2209f16 r554a2b8  
    10471047void owl_command_version()
    10481048{
    1049   char buff[1024];
    1050 
    1051   sprintf(buff, "BarnOwl version %s", OWL_VERSION_STRING);
    1052   owl_function_makemsg(buff);
     1049  owl_function_makemsg("BarnOwl version %s", OWL_VERSION_STRING);
    10531050}
    10541051
     
    16921689  }
    16931690
    1694   owl_function_debugmsg(argv[1]);
     1691  owl_function_debugmsg("%s", argv[1]);
    16951692  return(NULL);
    16961693}
     
    25832580{
    25842581    buff = skiptokens(buff, 1);
    2585     owl_function_error(buff);
     2582    owl_function_error("%s", buff);
    25862583    return NULL;
    25872584}
     
    25902587{
    25912588    buff = skiptokens(buff, 1);
    2592     owl_function_makemsg(buff);
     2589    owl_function_makemsg("%s", buff);
    25932590    return NULL;
    25942591}
  • regex.c

    r8b7466b r554a2b8  
    1313{
    1414  int ret;
    15   char buff1[LINE], buff2[LINE];
     15  char buff1[LINE];
    1616  char *ptr;
    1717 
     
    2929  if (ret) {
    3030    regerror(ret, NULL, buff1, LINE);
    31     sprintf(buff2, "Error in regular expression: %s", buff1);
    32     owl_function_makemsg(buff2);
     31    owl_function_makemsg("Error in regular expression: %s", buff1);
    3332    owl_free(re->string);
    3433    re->string=NULL;
Note: See TracChangeset for help on using the changeset viewer.