From: Simon McVittie
Date: Fri, 7 Oct 2016 18:01:01 +0000 (+0100)
Subject: dbus_signature_validate: be sure to use a literal format string
X-Git-Tag: dbus-1.11.8~33
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e190a40504a3c8f822ef3ed254ae35c69506b95f;p=thirdparty%2Fdbus.git
dbus_signature_validate: be sure to use a literal format string
This was not a security vulnerability because _dbus_validity_to_error_message() doesn't return anything containing "%", but the compiler can't know that. Found by adding more _DBUS_GNUC_PRINTF attributes.
Signed-off-by: Simon McVittie
---
diff --git a/dbus/dbus-signature.c b/dbus/dbus-signature.c
index 6f1521b10..ef9eca914 100644
--- a/dbus/dbus-signature.c
+++ b/dbus/dbus-signature.c
@@ -244,7 +244,8 @@ dbus_signature_validate (const char *signature,
 return TRUE;
 else
 {
- dbus_set_error (error, DBUS_ERROR_INVALID_SIGNATURE, _dbus_validity_to_error_message (reason));
+ dbus_set_error (error, DBUS_ERROR_INVALID_SIGNATURE, "%s",
+ _dbus_validity_to_error_message (reason));
 return FALSE;
 }
 }
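Review bot: The `"%s"` added to the `dbus_set_error` call in the `else` branch carries no comment explaining why it is there, so a later cleanup could fold the message back into the format position. A one-line comment above the call, such as `/* pass the message as data, never as the format string */`, would record the intent next to the code rather than only in the commit message. The description says the issue was found through `_DBUS_GNUC_PRINTF` annotations; the declaration of `dbus_set_error` is not visible here, so it is worth confirming that it carries that attribute and that the build enables `-Wformat-security`, which would make the compiler flag any regression. The body of `dbus_signature_validate` begins outside this hunk.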