philippelh/bitchx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't pass the output of convert_output_format(FORMAT_DCC, ...) directly to

Browse Source 
sprintf() as a format string, because there could (and usually are!) '%'
characters that will be interpreted by sprintf.

This also allows clean compilation under -Werror=format-security.


git-svn-id: svn://svn.code.sf.net/p/bitchx/code/trunk@246 13b04d17-f746-0410-82c6-800466cd88b0
This commit is contained in:
Kevin Easton
2013-06-23 14:36:32 +00:00
parent dd9de3dff0
commit 8a04cbeba8
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
source/dcc.c
View File

@@ -2750,7 +2750,7 @@ register int i = 0;
/* chop(transfer_buffer, 1);*/
if (fget_string_var(FORMAT_DCC_FSET))
{
sprintf(DCC_current_transfer_buffer, convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer));
sprintf(DCC_current_transfer_buffer, "%s", convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer));
chop(DCC_current_transfer_buffer, 4);
}
else