b9d1cda69c
Security Alert prompt_slk_response() have a formatting string problem, and 'subject' are controlled by remote, this may cause some problems. Patches by Matthieu Herrb <matthieu.herrb@laas.fr>
22 lines
1.1 KiB
Plaintext
22 lines
1.1 KiB
Plaintext
$OpenBSD: patch-src-feed_c,v 1.1 2001/08/31 10:27:19 shell Exp $
|
|
--- src/feed.c.orig Mon Jul 3 19:17:46 2000
|
|
+++ src/feed.c Fri Aug 31 18:10:16 2001
|
|
@@ -240,7 +240,7 @@
|
|
my_strncpy (my_mailbox, group->name, sizeof (my_mailbox));
|
|
my_strncpy (filename, my_mailbox, sizeof (filename));
|
|
} else { /* ask for post processing type */
|
|
- proc_ch = (char) prompt_slk_response(proc_ch_default, "eElLnqsu\033", txt_choose_post_process_type);
|
|
+ proc_ch = (char) prompt_slk_response(proc_ch_default, "eElLnqsu\033", "%s", txt_choose_post_process_type);
|
|
if (proc_ch == iKeyQuit || proc_ch == iKeyAbort) { /* exit */
|
|
clear_message ();
|
|
return;
|
|
@@ -266,7 +266,7 @@
|
|
if (strstr (from_name, arts[respnum].from)) {
|
|
# endif /* !FORGERY */
|
|
/* repost or supersede ? */
|
|
- option = (char) prompt_slk_response (option_default, "\033qrs", sized_message(txt_supersede_article, arts[respnum].subject));
|
|
+ option = (char) prompt_slk_response (option_default, "\033qrs", "%s", sized_message(txt_supersede_article, arts[respnum].subject));
|
|
|
|
switch (option) {
|
|
case iKeyFeedSupersede:
|