b9d1cda69c
Security Alert prompt_slk_response() have a formatting string problem, and 'subject' are controlled by remote, this may cause some problems. Patches by Matthieu Herrb <matthieu.herrb@laas.fr>
22 lines
619 B
Plaintext
22 lines
619 B
Plaintext
$OpenBSD: patch-src-pgp_c,v 1.1 2001/08/31 10:27:19 shell Exp $
|
|
--- src/pgp.c.orig Mon Jul 3 19:17:46 2000
|
|
+++ src/pgp.c Fri Aug 31 18:10:16 2001
|
|
@@ -263,7 +263,7 @@
|
|
if (!pgp_available())
|
|
return;
|
|
|
|
- ch = prompt_slk_response(ch_default, "beqs\033", txt_pgp_mail);
|
|
+ ch = prompt_slk_response(ch_default, "beqs\033", "%s", txt_pgp_mail);
|
|
switch (ch) {
|
|
case ESC:
|
|
case 'q':
|
|
@@ -304,7 +304,7 @@
|
|
if (!pgp_available())
|
|
return;
|
|
|
|
- ch = prompt_slk_response(ch_default, "iqs\033", txt_pgp_news);
|
|
+ ch = prompt_slk_response(ch_default, "iqs\033", "%s", txt_pgp_news);
|
|
switch (ch) {
|
|
case ESC:
|
|
case 'q':
|