summaryrefslogtreecommitdiff
blob: 7cbc584f5b478727291546c7eccaa8c5e830db66 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Description: Fix potential security issue (arbitrary string being passed
 as a format string to fprintf).
Author: Andrew Shadura <andrewsh@debian.org>

--- a/unix/uuenview.c
+++ b/unix/uuenview.c
@@ -310,7 +310,7 @@ SendMkCommand (char **rcptlist, char *to
   }
 
   if ((*rcptlist = (char *) malloc (strlen (towhom) + 16)) == NULL) {
-    fprintf (stderr, "error: Out of memory allocating %d bytes\n",
+    fprintf (stderr, "error: Out of memory allocating %zd bytes\n",
 	     strlen (towhom)+16);
     _FP_free (command);
     return NULL;
@@ -483,7 +483,7 @@ AttachFiles (char *towhom, char *subject
       if (_FP_stristr (input, "multipart") != NULL) {
 	/* it is already a multipart posting. grab the boundary */
 	if ((ptr = _FP_stristr (input, "boundary=")) != NULL) {
-	  fprintf(thepipe,  input);
+	  fprintf(thepipe,  "%s", input);
 	  strcpy (boundary, ParseValue (ptr));
 	  hadmulti = 1;
 	}