Only use string literals as format strings for dprintf()
Only use string literals as format strings for dprintf().
Due to a missing function prototype annotation in stdio.h, the
compiler on OpenBSD has failed to warn about this:
got.c:502:14: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
dprintf(fd, initial_content);
^~~~~~~~~~~~~~~
got.c:502:14: note: treat the string as an argument to avoid this
dprintf(fd, initial_content);
^
"%s",
OK?
diff 3168e5da215c7b442d231f40bfd61df067505d8b /home/naddy/got
blob - 3a7013aa09b5952fd99ebb4cbf7e06235e769d42
file + got/got.c
--- got/got.c
+++ got/got.c
@@ -499,7 +499,7 @@ collect_import_msg(char **logmsg, char **logmsg_path,
if (err)
goto done;
- dprintf(fd, initial_content);
+ dprintf(fd, "%s", initial_content);
close(fd);
err = edit_logmsg(logmsg, editor, *logmsg_path, initial_content);
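Review bot: The return value of the new `dprintf(fd, "%s", initial_content)` call is still discarded, so a failed or short write (ENOSPC, EBADF, a signal-interrupted write) leaves the temporary file empty or truncated and the editor is then opened on it without any error being reported. Since the surrounding code already follows the `if (err) goto done;` pattern, the write can be folded into it: `if (dprintf(fd, "%s", initial_content) < 0) { err = <the file's errno-to-error helper>("dprintf"); goto done; }`, using whichever helper the rest of the file uses for failed syscalls. The enclosing function collect_import_msg starts and ends outside this hunk, so the exact cleanup path on the `done` label cannot be confirmed here.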
@@ -5660,7 +5660,7 @@ get_tag_message(char **tagmsg, char **tagmsg_path, con
if (err)
goto done;
- dprintf(fd, initial_content);
+ dprintf(fd, "%s", initial_content);
close(fd);
err = get_editor(&editor);
@@ -6530,7 +6530,7 @@ collect_commit_logmsg(struct got_pathlist_head *commit
if (err)
goto done;
- dprintf(fd, initial_content);
+ dprintf(fd, "%s", initial_content);
TAILQ_FOREACH(pe, commitable_paths, entry) {
struct got_commitable *ct = pe->data;
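Review bot: The `dprintf(fd, "%s", initial_content)` result is ignored here too, and in this function the write is immediately followed by a loop that presumably appends more text to the same descriptor, so an early write failure is silently compounded rather than surfaced. Checking the return and jumping to the existing `done` label, `if (dprintf(fd, "%s", initial_content) < 0) { err = <errno-to-error helper>("dprintf"); goto done; }`, would keep this consistent with the `if (err) goto done;` checks just above. The enclosing function collect_commit_logmsg starts and ends outside this hunk, so the lines inside the TAILQ_FOREACH loop could not be reviewed.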
@@ -7763,7 +7763,7 @@ histedit_edit_logmsg(struct got_histedit_list_entry *h
if (err)
goto done;
- dprintf(fd, logmsg);
+ dprintf(fd, "%s", logmsg);
close(fd);
err = get_editor(&editor);
--
Christian "naddy" Weisgerber naddy@mips.inka.de
Only use string literals as format strings for dprintf()