drew
/
acadia-newlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

newlib: wordexp: drop dangerous fprintf 

wordexp uses fprintf in a dangerous way.  It uses an unchecked
input string as format string, rather than as parameter to a %s.
Replace fprintf with fputs.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2018-08-08 10:39:45 +02:00
parent 8bfb1afd6b
commit 5ace9004d9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
newlib/libc/posix/wordexp.c
View File

@ -127,9 +127,9 @@ wordexp(const char *__restrict words, wordexp_t *__restrict pwordexp, int flags)
if (flags & WRDE_SHOWERR) if (flags & WRDE_SHOWERR)
{ {
fprintf(stderr, tmp); fputs(tmp, stderr);
while(fgets(tmp, MAXLINELEN, f_err)) while(fgets(tmp, MAXLINELEN, f_err))
fprintf(stderr, tmp); fputs(tmp, stderr);
} }
goto cleanup; goto cleanup;