]> git.madduck.net Git - code/vcsh.git/commitdiff

madduck's git repository

Every one of the projects in this repository is available at the canonical URL git://git.madduck.net/madduck/pub/<projectpath> — see each project's metadata for the exact URL.

All patches and comments are welcome. Please squash your changes to logical commits before using git-format-patch and git-send-email to patches@git.madduck.net. If you'd read over the Git project's submission guidelines and adhered to them, I'd be especially grateful.

SSH access, as well as push access can be individually arranged.

If you use my repositories frequently, consider adding the following snippet to ~/.gitconfig and using the third clone URL listed for each project:

[url "git://git.madduck.net/madduck/"]
  insteadOf = madduck:

projects / code / vcsh.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6bc1d17)
Fix format string vulnerabilities
authorThorsten Glaser <tg@mirbsd.org>
Wed, 7 May 2014 08:21:35 +0000 (10:21 +0200)
committerRichard Hartmann <richih@debian.org>
Wed, 7 May 2014 08:40:00 +0000 (10:40 +0200)
Never pass user input as first argument of printf(1),
similar to how you never do that with printf(3).

Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
vcsh patch | blob | history

diff --git a/vcsh b/vcsh
index 18cd9e542097cbc006e9287e5730b130bc10e2a3..53bec40c10e63c63b6ca3f024481037c5a170035 100755 (executable)
--- a/vcsh
+++ b/vcsh
@@ -255,7 +255,7 @@ list_tracked_by() {
 pull() {
        hook pre-pull
        for VCSH_REPO_NAME in $(list); do
-               printf "$VCSH_REPO_NAME: "
+               printf '%s: ' "$VCSH_REPO_NAME"
                GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
                use
                git pull
@@ -268,7 +268,7 @@ pull() {
 push() {
        hook pre-push
        for VCSH_REPO_NAME in $(list); do
-               printf "$VCSH_REPO_NAME: "
+               printf '%s: ' "$VCSH_REPO_NAME"
                GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
                use
                git push
version controlled RC files

Legalese

All content available in this repository is copyright © martin f. krafft, unless otherwise noted.

All files and their content are released under the terms of the Artistic Licence 2.0, unless otherwise noted.

The operator of this repository shall not be held liable for offending content in pages linking to or linked from these page, nor does he endorse their content unless stated otherwise.