Fix a bunch of format string injection in VCDX and CDDA.

Initially reported by Kevin Finisterre

Fix a bunch of format string injection in VCDX and CDDA.
Initially reported by Kevin Finisterre
2f65bd42 · Rémi Denis-Courmont · b11fb39b · 2f65bd42 · 2f65bd42
Commit 2f65bd42 authored Jan 02, 2007 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 11 deletions

modules/access/cdda/access.c modules/access/cdda/access.c +4 -4

modules/access/vcdx/access.c modules/access/vcdx/access.c +7 -7

No files found.
--- a/modules/access/cdda/access.c
+++ b/modules/access/cdda/access.c
@@ -92,17 +92,17 @@ cdio_log_handler( cdio_log_level_t level, const char message[] )
        case CDIO_LOG_DEBUG:
        case CDIO_LOG_INFO:
            if (p_cdda->i_debug & INPUT_DBG_CDIO)
-            msg_Dbg( p_cdda_input, message);
+            msg_Dbg( p_cdda_input, "%s", message);
            break;
        case CDIO_LOG_WARN:
-            msg_Warn( p_cdda_input, message);
+            msg_Warn( p_cdda_input, "%s", message);
            break;
        case CDIO_LOG_ERROR:
        case CDIO_LOG_ASSERT:
-            msg_Err( p_cdda_input, message);
+            msg_Err( p_cdda_input, "%s", message);
            break;
        default:
-            msg_Warn( p_cdda_input, message,
+            msg_Warn( p_cdda_input, "%s\n%s %d", message,
                    "the above message had unknown cdio log level",
                    level);
            break;

--- a/modules/access/vcdx/access.c
+++ b/modules/access/vcdx/access.c
@@ -91,17 +91,17 @@ cdio_log_handler (cdio_log_level_t level, const char message[])
  case CDIO_LOG_DEBUG:
  case CDIO_LOG_INFO:
    if (p_vcdplayer->i_debug & INPUT_DBG_CDIO)
-      msg_Dbg( p_vcd_access, message);
+      msg_Dbg( p_vcd_access, "%s", message);
    break;
  case CDIO_LOG_WARN:
-    msg_Warn( p_vcd_access, message);
+    msg_Warn( p_vcd_access, "%s", message);
    break;
  case CDIO_LOG_ERROR:
  case CDIO_LOG_ASSERT:
-    msg_Err( p_vcd_access, message);
+    msg_Err( p_vcd_access, "%s", message);
    break;
  default:
-    msg_Warn( p_vcd_access, message,
+    msg_Warn( p_vcd_access, "%s\n%s %d", message,
            _("The above message had unknown log level"),
            level);
  }
@@ -117,14 +117,14 @@ vcd_log_handler (vcd_log_level_t level, const char message[])
  case VCD_LOG_DEBUG:
  case VCD_LOG_INFO:
    if (p_vcdplayer->i_debug & INPUT_DBG_VCDINFO)
-      msg_Dbg( p_vcd_access, message);
+      msg_Dbg( p_vcd_access, "%s", message);
    break;
  case VCD_LOG_WARN:
-    msg_Warn( p_vcd_access, message);
+    msg_Warn( p_vcd_access, "%s", message);
    break;
  case VCD_LOG_ERROR:
  case VCD_LOG_ASSERT:
-    msg_Err( p_vcd_access, message);
+    msg_Err( p_vcd_access, "%s", message);
    break;
  default:
    msg_Warn( p_vcd_access, "%s\n%s %d", message,