Package: pinentry / 1.1.0-4

0003-fltk-Fix-formatting-escapes.patch

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 7 Feb 2019 23:11:19 +0000
Subject: fltk: Fix formatting escapes.

* fltk/main.cxx (fltk_cmd_handler): Fix calls to fl_message()
and fl_choice() functions.
--

The fl_message and fl_choice functions expect a format string as
their first argument; passing the message directly might cause a
crash (or worse) if the message happens to contain formatting
escape chars.

GnuPG-bug-id: 4337
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
(cherry picked from commit a60e4f8142159b3e2df10d8d725b9680be5b4616)
---
 fltk/main.cxx | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fltk/main.cxx b/fltk/main.cxx
index 8e7e726..5d226ed 100644
--- a/fltk/main.cxx
+++ b/fltk/main.cxx
@@ -241,12 +241,12 @@ static int fltk_cmd_handler(pinentry_t pe)
 				if (pe->one_button)
 				{
 					fl_ok = ok.c_str();
-					fl_message(message);
+					fl_message("%s", message);
 					result = 1; // OK
 				}
 				else if (pe->notok)
 				{
-					switch (fl_choice(message, ok.c_str(), cancel.c_str(), pe->notok))
+					switch (fl_choice("%s", ok.c_str(), cancel.c_str(), pe->notok, message))
 					{
 					case 0: result = 1; break;
 					case 2: result = 0; break;
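Review bot: a null `message` is not handled in either call in this hunk. Both `fl_message("%s", message)` and `fl_choice("%s", ok.c_str(), cancel.c_str(), pe->notok, message)` now pass it as the argument consumed by `%s`, and printf-style formatting does not define what happens when that pointer is null. The hunk does not show where `message` is assigned, so either confirm it is always non-null when this branch runs or pass `message ? message : ""`. Because the value now travels through the variadic part of the call, it also has to be a plain `const char *` at this point; no implicit conversion is applied there as it was when `message` was the named first parameter.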
@@ -256,7 +256,7 @@ static int fltk_cmd_handler(pinentry_t pe)
 				}
 				else
 				{
-					switch (fl_choice(message, ok.c_str(), cancel.c_str(), NULL))
+					switch (fl_choice("%s", ok.c_str(), cancel.c_str(), NULL, message))
 					{
 					case 0: result = 1; break;
 					default:
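Review bot: nothing at the `fl_choice("%s", ok.c_str(), cancel.c_str(), NULL, message)` call explains why the message has moved to the end of the argument list, so a later cleanup could easily restore `fl_choice(message, ...)`. A one-line comment stating that the first argument is a format string, or a small helper shared by the three call sites in `fltk_cmd_handler`, would make the fix harder to undo by accident. It is also worth checking the rest of fltk/main.cxx for other dialog calls that pass caller-supplied text as their first argument, since the patch changes only these three lines.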