1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
From: Ole Streicher <olebole@debian.org>
Date: Mon, 11 Dec 2017 10:26:01 +0100
Subject: Fix format security errors
---
src/xml.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/xml.c b/src/xml.c
index 8cc872c..1fd6029 100644
--- a/src/xml.c
+++ b/src/xml.c
@@ -566,7 +566,7 @@ int write_xmlconfigparam(FILE *file, char *name, char *unit,
n = *(key[i].nlistptr);
if (n)
{
- sprintf(value, ((char **)key[i].ptr)[0]);
+ sprintf(value, "%s", ((char **)key[i].ptr)[0]);
fprintf(file, " <PARAM name=\"%s\" datatype=\"char\""
" arraysize=\"*\" ucd=\"%s\" value=\"%s",
name, ucd, value);
@@ -583,7 +583,7 @@ int write_xmlconfigparam(FILE *file, char *name, char *unit,
name, ucd);
break;
case P_KEY:
- sprintf(value, key[i].keylist[*((int *)key[i].ptr)]);
+ sprintf(value, "%s", key[i].keylist[*((int *)key[i].ptr)]);
fprintf(file, " <PARAM name=\"%s\" datatype=\"char\" arraysize=\"*\""
" ucd=\"%s\" value=\"%s\"/>\n",
name, ucd, value);
@@ -592,13 +592,13 @@ int write_xmlconfigparam(FILE *file, char *name, char *unit,
n = *(key[i].nlistptr);
if (n)
{
- sprintf(value, key[i].keylist[((int *)key[i].ptr)[0]]);
+ sprintf(value, "%s", key[i].keylist[((int *)key[i].ptr)[0]]);
fprintf(file, " <PARAM name=\"%s\" datatype=\"char\""
" arraysize=\"*\" ucd=\"%s\" value=\"%s",
name, ucd, value);
for (j=1; j<n; j++)
{
- sprintf(value, key[i].keylist[((int *)key[i].ptr)[j]]);
+ sprintf(value, "%s", key[i].keylist[((int *)key[i].ptr)[j]]);
fprintf(file, ",%s", value);
}
fprintf(file, "\"/>\n");
|
