[packages/ntp.git] / ntp-format-security.patch

diff -ur ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c
--- ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c	2010-12-25 09:40:34.000000000 +0000
+++ ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c	2012-10-22 11:34:15.000000000 +0100
@@ -159,7 +159,7 @@
 				break;
 		}
 		if (iter->bufsize >= IFCONF_BUFSIZE_MAX) {
-			UNEXPECTED_ERROR(__FILE__, __LINE__,
+			UNEXPECTED_ERROR(__FILE__, __LINE__, "%s",
 					 isc_msgcat_get(isc_msgcat,
 							ISC_MSGSET_IFITERIOCTL,
 							ISC_MSG_BUFFERMAX,
diff -ur ntp-4.2.6p5/ntpd/ntp_config.c ntp-4.2.6p5.new/ntpd/ntp_config.c
--- ntp-4.2.6p5/ntpd/ntp_config.c	2012-10-22 11:43:38.000000000 +0100
+++ ntp-4.2.6p5.new/ntpd/ntp_config.c	2012-10-22 11:38:02.000000000 +0100
@@ -2334,7 +2334,7 @@
 		if ((RES_MSSNTP & flags) && !warned_signd) {
 			warned_signd = 1;
 			fprintf(stderr, "%s\n", signd_warning);
-			msyslog(LOG_WARNING, signd_warning);
+			msyslog(LOG_WARNING, "%s", signd_warning);
 		}
 	}
 }
diff -ur ntp-4.2.6p5/ntpd/ntp_control.c ntp-4.2.6p5.new/ntpd/ntp_control.c
--- ntp-4.2.6p5/ntpd/ntp_control.c	2011-12-09 02:00:53.000000000 +0000
+++ ntp-4.2.6p5.new/ntpd/ntp_control.c	2012-10-22 11:37:11.000000000 +0100
@@ -2962,7 +2962,7 @@
 			    " %s", str);
 		}
 		NLOG(NLOG_SYSEVENT)
-		    msyslog(LOG_INFO, statstr);
+		    msyslog(LOG_INFO, "%s", statstr);
 	} else {
 
 		/*
@@ -2994,7 +2994,7 @@
 			    " %s", str);
 		}
 		NLOG(NLOG_PEEREVENT)
-		    msyslog(LOG_INFO, statstr);
+		    msyslog(LOG_INFO, "%s", statstr);
 	}
 	record_proto_stats(statstr);
 #if DEBUG
diff -ur ntp-4.2.6p5/ntpd/ntpd.c ntp-4.2.6p5.new/ntpd/ntpd.c
--- ntp-4.2.6p5/ntpd/ntpd.c	2012-10-22 11:43:38.000000000 +0100
+++ ntp-4.2.6p5.new/ntpd/ntpd.c	2012-10-22 11:39:33.000000000 +0100
@@ -1242,7 +1242,7 @@
 
 	msyslog(LOG_ERR, "%s:%d: fatal error:", file, line);
 	vsnprintf(errbuf, sizeof(errbuf), format, args);
-	msyslog(LOG_ERR, errbuf);
+	msyslog(LOG_ERR, "%s", errbuf);
 	msyslog(LOG_ERR, "exiting (due to fatal error in library)");
 
 	abort();
@@ -1264,7 +1264,7 @@
 
 	msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line);
 	vsnprintf(errbuf, sizeof(errbuf), format, args);
-	msyslog(LOG_ERR, errbuf);
+	msyslog(LOG_ERR, "%s", errbuf);
 
 	if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS)
 	{
Commit	Line	Data
f59e8d31 KK	1	diff -ur ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c
	2	--- ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c 2010-12-25 09:40:34.000000000 +0000
	3	+++ ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c 2012-10-22 11:34:15.000000000 +0100
	4	@@ -159,7 +159,7 @@
	5	break;
	6	}
	7	if (iter->bufsize >= IFCONF_BUFSIZE_MAX) {
	8	- UNEXPECTED_ERROR(__FILE__, __LINE__,
	9	+ UNEXPECTED_ERROR(__FILE__, __LINE__, "%s",
	10	isc_msgcat_get(isc_msgcat,
	11	ISC_MSGSET_IFITERIOCTL,
	12	ISC_MSG_BUFFERMAX,
f59e8d31 KK	13	diff -ur ntp-4.2.6p5/ntpd/ntp_config.c ntp-4.2.6p5.new/ntpd/ntp_config.c
	14	--- ntp-4.2.6p5/ntpd/ntp_config.c 2012-10-22 11:43:38.000000000 +0100
	15	+++ ntp-4.2.6p5.new/ntpd/ntp_config.c 2012-10-22 11:38:02.000000000 +0100
	16	@@ -2334,7 +2334,7 @@
	17	if ((RES_MSSNTP & flags) && !warned_signd) {
	18	warned_signd = 1;
	19	fprintf(stderr, "%s\n", signd_warning);
	20	- msyslog(LOG_WARNING, signd_warning);
	21	+ msyslog(LOG_WARNING, "%s", signd_warning);
	22	}
	23	}
	24	}
f59e8d31 KK	25	diff -ur ntp-4.2.6p5/ntpd/ntp_control.c ntp-4.2.6p5.new/ntpd/ntp_control.c
	26	--- ntp-4.2.6p5/ntpd/ntp_control.c 2011-12-09 02:00:53.000000000 +0000
	27	+++ ntp-4.2.6p5.new/ntpd/ntp_control.c 2012-10-22 11:37:11.000000000 +0100
	28	@@ -2962,7 +2962,7 @@
	29	" %s", str);
	30	}
	31	NLOG(NLOG_SYSEVENT)
	32	- msyslog(LOG_INFO, statstr);
	33	+ msyslog(LOG_INFO, "%s", statstr);
	34	} else {
	35
	36	/*
	37	@@ -2994,7 +2994,7 @@
	38	" %s", str);
	39	}
	40	NLOG(NLOG_PEEREVENT)
	41	- msyslog(LOG_INFO, statstr);
	42	+ msyslog(LOG_INFO, "%s", statstr);
	43	}
	44	record_proto_stats(statstr);
	45	#if DEBUG
f59e8d31 KK	46	diff -ur ntp-4.2.6p5/ntpd/ntpd.c ntp-4.2.6p5.new/ntpd/ntpd.c
	47	--- ntp-4.2.6p5/ntpd/ntpd.c 2012-10-22 11:43:38.000000000 +0100
	48	+++ ntp-4.2.6p5.new/ntpd/ntpd.c 2012-10-22 11:39:33.000000000 +0100
	49	@@ -1242,7 +1242,7 @@
	50
	51	msyslog(LOG_ERR, "%s:%d: fatal error:", file, line);
	52	vsnprintf(errbuf, sizeof(errbuf), format, args);
	53	- msyslog(LOG_ERR, errbuf);
	54	+ msyslog(LOG_ERR, "%s", errbuf);
	55	msyslog(LOG_ERR, "exiting (due to fatal error in library)");
	56
	57	abort();
	58	@@ -1264,7 +1264,7 @@
	59
	60	msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line);
	61	vsnprintf(errbuf, sizeof(errbuf), format, args);
	62	- msyslog(LOG_ERR, errbuf);
	63	+ msyslog(LOG_ERR, "%s", errbuf);
	64
	65	if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS)
	66	{