From: Karel Zak <kzak@redhat.com>
Date: Thu, 1 Oct 2020 11:29:46 +0000 (+0200)
Subject: script: don't use strings from user as printf-format [coverity scan]
X-Git-Tag: v2.37-rc1~446
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bd4739dae2759e1490a0675d57d6421c95bb1b1e;p=thirdparty%2Futil-linux.git

script: don't use strings from user as printf-format [coverity scan]

Let's avoid format string vulnerability (TAINTED_STRING).

Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/term-utils/script.c b/term-utils/script.c
index 0a12dda4f2..e9daaf00b7 100644
--- a/term-utils/script.c
+++ b/term-utils/script.c
@@ -1006,14 +1006,14 @@ int main(int argc, char **argv)
 			log_info(&ctl, "COLUMNS", "%d", ctl.ttycols);
 			log_info(&ctl, "LINES", "%d", ctl.ttylines);
 		}
-		log_info(&ctl, "SHELL", shell);
+		log_info(&ctl, "SHELL", "%s", shell);
 		if (command)
-			log_info(&ctl, "COMMAND", command);
-		log_info(&ctl, "TIMING_LOG", timingfile);
+			log_info(&ctl, "COMMAND", "%s", command);
+		log_info(&ctl, "TIMING_LOG", "%s", timingfile);
 		if (outfile)
-			log_info(&ctl, "OUTPUT_LOG", outfile);
+			log_info(&ctl, "OUTPUT_LOG", "%s", outfile);
 		if (infile)
-			log_info(&ctl, "INPUT_LOG", infile);
+			log_info(&ctl, "INPUT_LOG", "%s", infile);
 	}
 
         /* this is the main loop */