From: Thorsten Glaser
Date: Wed, 7 May 2014 08:21:35 +0000 (+0200)
Subject: Fix format string vulnerabilities
X-Git-Url: https://git.madduck.net/code/vcsh.git/commitdiff_plain/5c7de27b054f7012b014bb21a90615e7ab567d68?ds=sidebyside;hp=-c
Fix format string vulnerabilities
Never pass user input as first argument of printf(1), similar to how you never do that with printf(3).
Signed-off-by: Thorsten Glaser
---
5c7de27b054f7012b014bb21a90615e7ab567d68
diff --git a/vcsh b/vcsh
index 18cd9e5..53bec40 100755
--- a/vcsh
+++ b/vcsh
@@ -255,7 +255,7 @@ list_tracked_by() {
 pull() {
 hook pre-pull
 for VCSH_REPO_NAME in $(list); do
- printf "$VCSH_REPO_NAME: "
+ printf '%s: ' "$VCSH_REPO_NAME"
 GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
 use
 git pull
@@ -268,7 +268,7 @@ pull() {
 push() {
 hook pre-push
 for VCSH_REPO_NAME in $(list); do
- printf "$VCSH_REPO_NAME: "
+ printf '%s: ' "$VCSH_REPO_NAME"
 GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
 use
 git push
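Review bot: Neither of the two rewritten calls, `printf '%s: ' "$VCSH_REPO_NAME"` in pull() and the identical one in push() (second hunk), says why the name is passed as an argument, and the old form is shorter and looks equivalent, so a later cleanup could quietly bring it back. I would put `# repo name is data, never part of the printf format` above each call. The patch touches only these two sites; the rest of the script is outside this diff, so it is worth checking that no other `printf` takes a variable in its format string. Separately, `for VCSH_REPO_NAME in $(list)` still word-splits and glob-expands the names before they reach printf, which matters only if `list` can emit a name containing whitespace or `*`, and that depends on code not shown here. Both function bodies continue past the end of their hunks.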