dont printf arguments given by user for security sanity

2024-09-28 13:54:53 +00:00 · 2006-03-23 02:07:20 +00:00 · 2006-03-23 02:07:20 +00:00 · 948a09d6f2
commit 948a09d6f2
parent 64bef2ab9c
4 changed files with 4 additions and 4 deletions
--- a/coreutils/watch.c
+++ b/coreutils/watch.c
@ -100,7 +100,7 @@ int watch_main(int argc, char **argv)
 			//child
 			dup2(old_stdout, STDOUT_FILENO);
 			execvp(*watched_argv, watched_argv);
-			bb_perror_msg_and_die(*watched_argv);
+			bb_perror_msg_and_die("%s", *watched_argv);
 		} else {
 			bb_perror_msg_and_die("vfork");
 		}
--- a/miscutils/mountpoint.c
+++ b/miscutils/mountpoint.c
@ -64,7 +64,7 @@ int mountpoint_main(int argc, char **argv)
 			}
 		}
 		if (!(opt & OPT_q))
-			bb_perror_msg(arg);
+			bb_perror_msg("%s", arg);
 		return EXIT_FAILURE;
 	}
 }
--- a/miscutils/setsid.c
+++ b/miscutils/setsid.c
@ -41,6 +41,6 @@ setsid_main(int argc, char *argv[]) {

 	execvp(argv[1], argv + 1);

-	bb_perror_msg_and_die(argv[1]);
+	bb_perror_msg_and_die("%s", argv[1]);

 }
--- a/util-linux/fdformat.c
+++ b/util-linux/fdformat.c
@ -85,7 +85,7 @@ int fdformat_main(int argc,char **argv)

 	/* R_OK is needed for verifying */
 	if (stat(*argv,&st) < 0 || access(*argv,W_OK | R_OK ) < 0) {
-		bb_perror_msg_and_die(*argv);
+		bb_perror_msg_and_die("%s",*argv);
 	}
 	if (!S_ISBLK(st.st_mode)) {
 		bb_error_msg_and_die("%s: not a block device",*argv);