1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Description: Fix potential security issue (arbitrary string being passed
as a format string to fprintf).
Author: Andrew Shadura <andrewsh@debian.org>
--- a/unix/uuenview.c
+++ b/unix/uuenview.c
@@ -310,7 +310,7 @@ SendMkCommand (char **rcptlist, char *to
}
if ((*rcptlist = (char *) malloc (strlen (towhom) + 16)) == NULL) {
- fprintf (stderr, "error: Out of memory allocating %d bytes\n",
+ fprintf (stderr, "error: Out of memory allocating %zd bytes\n",
strlen (towhom)+16);
_FP_free (command);
return NULL;
@@ -483,7 +483,7 @@ AttachFiles (char *towhom, char *subject
if (_FP_stristr (input, "multipart") != NULL) {
/* it is already a multipart posting. grab the boundary */
if ((ptr = _FP_stristr (input, "boundary=")) != NULL) {
- fprintf(thepipe, input);
+ fprintf(thepipe, "%s", input);
strcpy (boundary, ParseValue (ptr));
hadmulti = 1;
}
|