upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Don't call printf with no format string. This is technically a security

Browse source 
vulnerability and could in principle be used to upload a new kernel from the
bootloader :-)
This commit is contained in:
Kris Kennaway 2000-07-10 06:33:55 +00:00
parent c98c98a822
commit 487730cc8b
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/boot/common/commands.c
View file

@ -326,7 +326,7 @@ command_echo(int argc, char *argv[])
s = unargv(argc, argv);
if (s != NULL) {
printf(s);
printf("%s", s);
free(s);
}
if (!nl)
@ -378,7 +378,7 @@ command_read(int argc, char *argv[])
name = (argc > 0) ? argv[0]: NULL;
if (prompt != NULL)
printf(prompt);
printf("%s", prompt);
if (timeout >= 0) {
when = time(NULL) + timeout;
while (!ischar())