script: don't use strings from user as printf-format [coverity scan]

Let's avoid format string vulnerability (TAINTED_STRING).

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/term-utils/script.c b/term-utils/script.c
index 0a12dda4f2c0cbce3e3cc458b2262f86f310cd53..e9daaf00b789b89dce468fb32a2b3e3d95a70aef 100644 (file)
--- a/term-utils/script.c
+++ b/term-utils/script.c
@@ -1006,14 +1006,14 @@ int main(int argc, char **argv)
                        log_info(&ctl, "COLUMNS", "%d", ctl.ttycols);
                        log_info(&ctl, "LINES", "%d", ctl.ttylines);
                }
-               log_info(&ctl, "SHELL", shell);
+               log_info(&ctl, "SHELL", "%s", shell);
                if (command)
-                       log_info(&ctl, "COMMAND", command);
-               log_info(&ctl, "TIMING_LOG", timingfile);
+                       log_info(&ctl, "COMMAND", "%s", command);
+               log_info(&ctl, "TIMING_LOG", "%s", timingfile);
                if (outfile)
-                       log_info(&ctl, "OUTPUT_LOG", outfile);
+                       log_info(&ctl, "OUTPUT_LOG", "%s", outfile);
                if (infile)
-                       log_info(&ctl, "INPUT_LOG", infile);
+                       log_info(&ctl, "INPUT_LOG", "%s", infile);
        }
 
         /* this is the main loop */