From 4cd2c0a608eaebe23dddd4ae2d15e548073074df Mon Sep 17 00:00:00 2001
From: Norbert Thiebaud
Date: Sun, 3 Oct 2010 02:02:04 -0500
Subject: security issue: using an un-sanitized string as format of a fprintf

security issue: using an un-sanitized string as format of a fprintf

the argument of fprintf, from aSrsName, come from a command line. It can contain %s or any other kind of formatting instruction that could be use to do evil things at run-time
---
 rsc/source/prj/start.cxx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'rsc/source/prj')

diff --git a/rsc/source/prj/start.cxx b/rsc/source/prj/start.cxx
index a2841dd9765b..8e723a4801d4 100644
--- a/rsc/source/prj/start.cxx
+++ b/rsc/source/prj/start.cxx
@@ -258,7 +258,7 @@ static BOOL CallRsc2( ByteString aRsc2Name,
 #ifdef OS2
 fprintf( fRspFile, "%s\n", aSrsName.GetBuffer() );
 #else
- fprintf( fRspFile, aSrsName.GetBuffer() );
+ fprintf( fRspFile, "%s", aSrsName.GetBuffer() );
 #endif
 pString = pInputList->First();
--
cgit
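Review bot: The corrected non-OS2 call would be better written as `fputs( aSrsName.GetBuffer(), fRspFile );`, which removes format-string parsing from this path entirely and cannot regress into the original defect if someone later edits the arguments; the OS2 branch can use the same form followed by `fputc( '\n', fRspFile );`. With the format now fixed in both branches, the only remaining difference is the trailing newline on OS2, and a one-line comment stating why the non-OS2 response file omits the line break would make that distinction deliberate rather than accidental. CallRsc2 begins and ends outside this hunk; any other `fprintf( fRspFile, ... )` writes of command-line-derived strings in the rest of the function should be checked for the same pattern, since the commit message indicates aSrsName originates from the command line. The return value of fprintf/fputs is ignored here as before, so a failed write to the response file goes unnoticed, though that is pre-existing behaviour the commit does not change.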