CVS commit: pkgsrc/security/priv/patches

["Nia Alarie" <nia%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   nia
Date:           Fri Feb  5 13:27:42 UTC 2021

Added Files:
        pkgsrc/security/priv/patches: patch-priv.c

Log Message:
Actually add the patch I intended to, thx wiz


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/security/priv/patches/patch-priv.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: pkgsrc/security/priv/patches/patch-priv.c
diff -u /dev/null pkgsrc/security/priv/patches/patch-priv.c:1.1
--- /dev/null   Fri Feb  5 13:27:42 2021
+++ pkgsrc/security/priv/patches/patch-priv.c   Fri Feb  5 13:27:42 2021
@@ -0,0 +1,17 @@
+$NetBSD: patch-priv.c,v 1.1 2021/02/05 13:27:42 nia Exp $
+
+Do not directly pass user input to a printf function.
+
+--- priv.c.orig        2004-02-09 04:37:07.000000000 +0000
++++ priv.c
+@@ -370,8 +370,8 @@ main(int argc, char **argv, char **envp)
+       }
+ 
+       /* All's well so far, get ready to execute the command. */
+-      syslog(LOG_INFO, build_log_message(myfullname, argv + 1, realprog,
+-          nflags));
++      syslog(LOG_INFO, "%s",
++          build_log_message(myfullname, argv + 1, realprog, nflags));
+       envp = lockdown(nflags, realprog, pw, envp);
+       execve(realprog, argv + 1, envp);
+       sverr = errno;