]> git.madduck.net Git - code/vcsh.git/commitdiff

madduck's git repository

Every one of the projects in this repository is available at the canonical URL git://git.madduck.net/madduck/pub/<projectpath> — see each project's metadata for the exact URL.

All patches and comments are welcome. Please squash your changes to logical commits before using git-format-patch and git-send-email to patches@git.madduck.net. If you'd read over the Git project's submission guidelines and adhered to them, I'd be especially grateful.

SSH access, as well as push access can be individually arranged.

If you use my repositories frequently, consider adding the following snippet to ~/.gitconfig and using the third clone URL listed for each project:

[url "git://git.madduck.net/madduck/"]
  insteadOf = madduck:

Fix format string vulnerabilities
authorThorsten Glaser <tg@mirbsd.org>
Wed, 7 May 2014 08:21:35 +0000 (10:21 +0200)
committerThorsten Glaser <tg@mirbsd.org>
Wed, 7 May 2014 08:22:03 +0000 (10:22 +0200)
Never pass user input as first argument of printf(1),
similar to how you never do that with printf(3).

Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
vcsh

diff --git a/vcsh b/vcsh
index 31a60194de79ecfdec0da5a3de7e4be2df6d4218..355e9fa7baa3da8d09e09be73ec2cd5bb22c7423 100755 (executable)
--- a/vcsh
+++ b/vcsh
@@ -255,7 +255,7 @@ list_tracked_by() {
 pull() {
        hook pre-pull
        for VCSH_REPO_NAME in $(list); do
 pull() {
        hook pre-pull
        for VCSH_REPO_NAME in $(list); do
-               printf "$VCSH_REPO_NAME: "
+               printf '%s: ' "$VCSH_REPO_NAME"
                GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
                use
                git pull
                GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
                use
                git pull
@@ -268,7 +268,7 @@ pull() {
 push() {
        hook pre-push
        for VCSH_REPO_NAME in $(list); do
 push() {
        hook pre-push
        for VCSH_REPO_NAME in $(list); do
-               printf "$VCSH_REPO_NAME: "
+               printf '%s: ' "$VCSH_REPO_NAME"
                GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
                use
                git push
                GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
                use
                git push