Re: CVS commit: basesrc

[Michael Eriksson <eramore%era-t.ericsson.se@localhost>]

Andy Doran wrote:
> Module Name:  basesrc
> Committed By: ad
> Date:         Thu Jul  6 14:01:07 UTC 2000
> 
> Modified Files:
>       basesrc/sbin/atactl: atactl.c
> 
> Log Message:
> printf fmt string without %s, from OpenBSD.
> 
> 
> To generate a diff of this commit:
> cvs rdiff -r1.6 -r1.7 basesrc/sbin/atactl/atactl.c

bolle>cvs rdiff -r1.6 -r1.7 basesrc/sbin/atactl/atactl.c
Index: basesrc/sbin/atactl/atactl.c
diff -c basesrc/sbin/atactl/atactl.c:1.6 basesrc/sbin/atactl/atactl.c:1.7
*** basesrc/sbin/atactl/atactl.c:1.6    Sun Oct 31 18:30:58 1999
--- basesrc/sbin/atactl/atactl.c        Thu Jul  6 07:01:06 2000
***************
*** 1,4 ****
! /*    $NetBSD: atactl.c,v 1.6 1999/11/01 02:30:58 soren Exp $ */
  
  /*-
   * Copyright (c) 1998 The NetBSD Foundation, Inc.
--- 1,4 ----
! /*    $NetBSD: atactl.c,v 1.7 2000/07/06 14:01:06 ad Exp $    */
  
  /*-
   * Copyright (c) 1998 The NetBSD Foundation, Inc.
***************
*** 267,273 ****
  
        for (; binfo->bitmask != NULL; binfo++)
                if (bits & binfo->bitmask)
!                       printf(f, binfo->string);
  }
  
  /*
--- 267,273 ----
  
        for (; binfo->bitmask != NULL; binfo++)
                if (bits & binfo->bitmask)
!                       printf(f, "%s", binfo->string);
  }
  
  /*

That look bogus to me. Please observe that the format string is sent
in the f parameter to the print_bitinfo() function.

I don't think we should adopt all OpenBSD's "fixes" without checking
them. It's not unlikely that they have also introduced one or two new
bugs during their "security audit"...

-- 
Michael Eriksson <eramore%era-t.ericsson.se@localhost>
NO CARRIER