From 8859c18d03712d3020f9177e282aee9d0c01248c Mon Sep 17 00:00:00 2001 From: millert <> Date: Fri, 30 Jun 2000 16:00:07 +0000 Subject: [PATCH] warnx?/errx? paranoia (use "%s" not a bare string unless it is a constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales). --- src/lib/libutil/passwd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/libutil/passwd.c b/src/lib/libutil/passwd.c index 456f878c..5de35e97 100644 --- a/src/lib/libutil/passwd.c +++ b/src/lib/libutil/passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: passwd.c,v 1.20 1998/11/16 07:10:32 deraadt Exp $ */ +/* $OpenBSD: passwd.c,v 1.21 2000/06/30 16:00:07 millert Exp $ */ /* * Copyright (c) 1987, 1993, 1994, 1995 @@ -34,7 +34,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: passwd.c,v 1.20 1998/11/16 07:10:32 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: passwd.c,v 1.21 2000/06/30 16:00:07 millert Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -579,7 +579,7 @@ pw_error(name, err, eval) char *master = pw_file(_PATH_MASTERPASSWD); if (err) - warn(name); + warn("%s", name); if (master) warnx("%s: unchanged", master); pw_abort();