From 40e5aabecac46a43b1e68d7c8cb0a4668e780bb1 Mon Sep 17 00:00:00 2001
From: Thorsten Glaser
Date: Wed, 7 May 2014 10:21:35 +0200
Subject: [PATCH 1/1] Fix format string vulnerabilities

Never pass user input as first argument of printf(1), similar to how you never do that with printf(3).

Signed-off-by: Thorsten Glaser
---
 vcsh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vcsh b/vcsh
index 31a6019..355e9fa 100755
--- a/vcsh
+++ b/vcsh
@@ -255,7 +255,7 @@ list_tracked_by() {
 pull() {
 hook pre-pull
 for VCSH_REPO_NAME in $(list); do
- printf "$VCSH_REPO_NAME: "
+ printf '%s: ' "$VCSH_REPO_NAME"
 GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
 use
 git pull
@@ -268,7 +268,7 @@ pull() {
 push() {
 hook pre-push
 for VCSH_REPO_NAME in $(list); do
- printf "$VCSH_REPO_NAME: "
+ printf '%s: ' "$VCSH_REPO_NAME"
 GIT_DIR=$VCSH_REPO_D/$VCSH_REPO_NAME.git; export GIT_DIR
 use
 git push
-- 
2.39.5
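Review bot: The quoting added on the `printf` line does not cover where the name comes from: in the context line `for VCSH_REPO_NAME in $(list); do` the command substitution is unquoted, so its output is still word-split and glob-expanded before it reaches `printf` or the `GIT_DIR` assignment. Whether `list` can emit names containing whitespace or glob characters is not visible in this hunk; if it cannot, a comment above the loop such as `# repo names must not contain whitespace or glob characters; $(list) is split unquoted` would record that assumption. The same applies to the identical loop in the `push()` hunk. Both function bodies continue past the end of their hunks and the rest of the script is not shown, so it is worth confirming that no other `printf` call still puts variable data in the format position.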