From bd4739dae2759e1490a0675d57d6421c95bb1b1e Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 1 Oct 2020 13:29:46 +0200
Subject: [PATCH] script: don't use strings from user as printf-format
 [coverity scan]

Let's avoid format string vulnerability (TAINTED_STRING).

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 term-utils/script.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/term-utils/script.c b/term-utils/script.c
index 0a12dda4f2..e9daaf00b7 100644
--- a/term-utils/script.c
+++ b/term-utils/script.c
@@ -1006,14 +1006,14 @@ int main(int argc, char **argv)
 			log_info(&ctl, "COLUMNS", "%d", ctl.ttycols);
 			log_info(&ctl, "LINES", "%d", ctl.ttylines);
 		}
-		log_info(&ctl, "SHELL", shell);
+		log_info(&ctl, "SHELL", "%s", shell);
 		if (command)
-			log_info(&ctl, "COMMAND", command);
-		log_info(&ctl, "TIMING_LOG", timingfile);
+			log_info(&ctl, "COMMAND", "%s", command);
+		log_info(&ctl, "TIMING_LOG", "%s", timingfile);
 		if (outfile)
-			log_info(&ctl, "OUTPUT_LOG", outfile);
+			log_info(&ctl, "OUTPUT_LOG", "%s", outfile);
 		if (infile)
-			log_info(&ctl, "INPUT_LOG", infile);
+			log_info(&ctl, "INPUT_LOG", "%s", infile);
 	}
 
         /* this is the main loop */
-- 
2.47.2