philippelh/bitchx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't pass the output of convert_output_format(FORMAT_DCC, ...) directly to

Browse Source 
sprintf() as a format string, because there could (and usually are!) '%'
characters that will be interpreted by sprintf.

This also allows clean compilation under -Werror=format-security.


git-svn-id: svn://svn.code.sf.net/p/bitchx/code/trunk@246 13b04d17-f746-0410-82c6-800466cd88b0
This commit is contained in:
Kevin Easton
2013-06-23 14:36:32 +00:00
parent dd9de3dff0
commit 8a04cbeba8
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Changelog
View File

@@ -1,5 +1,7 @@
[Changes 1.2c01] [Changes 1.2c01]
* Ensure proper handling of % when /FSET DCC is used. (caf)
* Improve robustness of CDCC save file loading. (caf) * Improve robustness of CDCC save file loading. (caf)
* Fix open file leak in /LASTLOG found by Coverity. (caf) * Fix open file leak in /LASTLOG found by Coverity. (caf)

2
source/dcc.c
View File

@@ -2750,7 +2750,7 @@ register int i = 0;
/* chop(transfer_buffer, 1);*/ /* chop(transfer_buffer, 1);*/
if (fget_string_var(FORMAT_DCC_FSET)) if (fget_string_var(FORMAT_DCC_FSET))
{ {
sprintf(DCC_current_transfer_buffer, convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer)); sprintf(DCC_current_transfer_buffer, "%s", convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer));
chop(DCC_current_transfer_buffer, 4); chop(DCC_current_transfer_buffer, 4);
} }
else else