Commit 5bc86a14 authored by Kees Cook's avatar Kees Cook Committed by David Zeuthen

fix for CVE-2008-1658: format string vulnerability in password input

http://bugs.freedesktop.org/show_bug.cgi?id=15295
parent 26c3fcb9
......@@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then
*) CFLAGS="$CFLAGS -Wsign-compare" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wformat[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wformat" ;;
esac
case " $CFLAGS " in
*[\ \ ]-Wformat-security[\ \ ]*) ;;
*) CFLAGS="$CFLAGS -Wformat-security" ;;
esac
if test "x$enable_ansi" = "xyes"; then
case " $CFLAGS " in
*[\ \ ]-ansi[\ \ ]*) ;;
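Review bot: The two added case blocks enable the format diagnostics only as warnings, so a reintroduced `fprintf (stream, buf)` still compiles and ships; promoting the check with `*) CFLAGS="$CFLAGS -Werror=format-security" ;;` (where the supported GCC versions accept `-Werror=`) would make the build fail instead. Note also that -Wformat-security only flags a non-literal format passed with no arguments, so a variable format used together with arguments is not reported; `-Wformat-nonliteral` covers that case at the cost of more noise. A one-line comment above the blocks naming CVE-2008-1658 as the reason for the flags would keep them from being dropped in a later cleanup. The enclosing `if test "x$GCC" = "xyes"` block starts and ends outside the hunk.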
......
......@@ -241,7 +241,7 @@ do_auth (const char *user_to_auth, gboolean *empty_conversation)
*empty_conversation = FALSE;
/* send to parent */
fprintf (stdout, buf);
fprintf (stdout, "%s", buf);
fflush (stdout);
/* read from parent */
......@@ -252,7 +252,7 @@ do_auth (const char *user_to_auth, gboolean *empty_conversation)
fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
#endif /* PGH_DEBUG */
/* send to child */
fprintf (child_stdin, buf);
fprintf (child_stdin, "%s", buf);
fflush (child_stdin);
}
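Review bot: Both corrected writes in do_auth still discard the result of the write and of fflush, so a closed pipe to the parent or to the child goes unnoticed and the conversation carries on as if the data had been delivered. Since no formatting is wanted here, `fputs (buf, child_stdin)` takes the format parser out of the path entirely, and a guard such as `if (fputs (buf, child_stdin) == EOF || fflush (child_stdin) == EOF)` leading into the function's existing failure path would surface the error; the same applies to the stdout write in the first hunk. Separately, the PGH_DEBUG context line prints `buf` to stderr, and on this path `buf` appears to be the reply to the password prompt, so a comment there warning that debug builds log the secret (or printing only its length) would be worth adding. do_auth's body starts and ends outside both hunks, so the available error path is not visible from here.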
......