From: Rob Landley <rob@landley.net>
Date: Mon, 12 Dec 2005 06:49:33 +0000 (-0000)
Subject: printf() arguments shouldn't be passed straight from user supplied data.
X-Git-Tag: 1_1_0~433
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cdbae77823d82ad0451007f1b192f782c33f2764;p=oweals%2Fbusybox.git

printf() arguments shouldn't be passed straight from user supplied data.
(Security thingy.)
---

diff --git a/coreutils/ln.c b/coreutils/ln.c
index 6751e9093..dcb70d40f 100644
--- a/coreutils/ln.c
+++ b/coreutils/ln.c
@@ -106,7 +106,7 @@ extern int ln_main(int argc, char **argv)
 		}
 
 		if (link_func(*argv, src) != 0) {
-			bb_perror_msg(src);
+			bb_perror_msg("%s", src);
 			status = EXIT_FAILURE;
 		}