| unzip: Fixing security formatting issues |
| |
| Fix security formatting issues related to sprintf parameters expeted. |
| |
| [YOCTO #9551] |
| [https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551] |
| |
| Upstream-Status: Inactive-Upstream [need a new release] |
| |
| Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> |
| |
| diff --git a/extract.c b/extract.c |
| index 7cd9123..25c5a62 100644 |
| --- a/extract.c |
| +++ b/extract.c |
| @@ -475,7 +475,7 @@ int extract_or_test_files(__G) /* return PK-type error code */ |
| Info(slide, 0x401, ((char *)slide, |
| LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1)); |
| Info(slide, 0x401, ((char *)slide, |
| - LoadFarString(ReportMsg))); |
| + "%s",LoadFarString(ReportMsg))); |
| error_in_archive = PK_BADERR; |
| } |
| reached_end = TRUE; /* ...so no more left to do */ |
| @@ -754,8 +754,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ |
| |
| #ifndef SFX |
| if (no_endsig_found) { /* just to make sure */ |
| - Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); |
| - Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg))); |
| + Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); |
| + Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(ReportMsg))); |
| if (!error_in_archive) /* don't overwrite stronger error */ |
| error_in_archive = PK_WARN; |
| } |
| diff --git a/list.c b/list.c |
| index 15e0011..0b484f6 100644 |
| --- a/list.c |
| +++ b/list.c |
| @@ -181,7 +181,7 @@ int list_files(__G) /* return PK-type error code */ |
| Info(slide, 0x401, |
| ((char *)slide, LoadFarString(CentSigMsg), j)); |
| Info(slide, 0x401, |
| - ((char *)slide, LoadFarString(ReportMsg))); |
| + ((char *)slide, "%s", LoadFarString(ReportMsg))); |
| return PK_BADERR; /* sig not found */ |
| } |
| } |
| @@ -507,7 +507,7 @@ int list_files(__G) /* return PK-type error code */ |
| && (!G.ecrec.is_zip64_archive) |
| && (memcmp(G.sig, end_central_sig, 4) != 0) |
| ) { /* just to make sure again */ |
| - Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); |
| + Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); |
| error_in_archive = PK_WARN; /* didn't find sig */ |
| } |
| |
| @@ -591,7 +591,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */ |
| Info(slide, 0x401, |
| ((char *)slide, LoadFarString(CentSigMsg), j)); |
| Info(slide, 0x401, |
| - ((char *)slide, LoadFarString(ReportMsg))); |
| + ((char *)slide, "%s", LoadFarString(ReportMsg))); |
| return PK_BADERR; /* sig not found */ |
| } |
| } |
| @@ -674,7 +674,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */ |
| ---------------------------------------------------------------------------*/ |
| |
| if (memcmp(G.sig, end_central_sig, 4)) { /* just to make sure again */ |
| - Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); |
| + Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); |
| error_in_archive = PK_WARN; |
| } |
| if (*nmember == 0L && error_in_archive <= PK_WARN) |
| diff --git a/zipinfo.c b/zipinfo.c |
| index 0ac75b3..1e7fa82 100644 |
| --- a/zipinfo.c |
| +++ b/zipinfo.c |
| @@ -833,7 +833,7 @@ int zipinfo(__G) /* return PK-type error code */ |
| Info(slide, 0x401, |
| ((char *)slide, LoadFarString(CentSigMsg), j)); |
| Info(slide, 0x401, |
| - ((char *)slide, LoadFarString(ReportMsg))); |
| + ((char *)slide, "%s", LoadFarString(ReportMsg))); |
| error_in_archive = PK_BADERR; /* sig not found */ |
| break; |
| } |
| @@ -1022,7 +1022,7 @@ int zipinfo(__G) /* return PK-type error code */ |
| && (!G.ecrec.is_zip64_archive) |
| && (memcmp(G.sig, end_central_sig, 4) != 0) |
| ) { /* just to make sure again */ |
| - Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); |
| + Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); |
| error_in_archive = PK_WARN; /* didn't find sig */ |
| } |
| |