fix dangerous werrstr() usages

werrstr() takes a format string as its first argument. a common error is to pass user controlled string buffers into werrstr() that might contain format string escapes causing werrstr() to take bogus arguments from the stack and crash. so instead of doing: werrstr(buf); we want todo: werrstr("%s", buf); or if we have a local ERRMAX sized buffer that we can override: errstr(buf, sizeof buf);
author: cinap_lenrek <cinap_lenrek@felloff.net> 2014-11-07 12:51:59 +0100
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2014-11-07 12:51:59 +0100
commit: 797cc13c7053dbdd16c20dc4dee5aee8c92390b0 (patch)
tree: 5aa7a00f0edeb1d2938d2dff116ee37f2570e8a5 /sys/src/cmd/cec
parent: 5364fa720de3b963a88dc4810ed83b4f2ab11d12 (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/sys/src/cmd/cec/cec.c b/sys/src/cmd/cec/cec.c
index f962a037e..90aae6217 100644
--- a/sys/src/cmd/cec/cec.c
+++ b/sys/src/cmd/cec/cec.c
@@ -196,14 +196,14 @@ timewait(int ms)
 int
 didtimeout(void)
 {
-	char buf[ERRMAX];
-
-	rerrstr(buf, sizeof buf);
-	if(strcmp(buf, "interrupted") == 0){
-		werrstr(buf, 0);
-		return 1;
-	}
-	return 0;
+	char err[ERRMAX];
+	int rv;
+
+	*err = 0;
+	errstr(err, sizeof err);
+	rv = strcmp(err, "interrupted") == 0;
+	errstr(err, sizeof err);
+	return rv;
 }
 
 ushort
author	cinap_lenrek <cinap_lenrek@felloff.net>	2014-11-07 12:51:59 +0100
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2014-11-07 12:51:59 +0100
commit	797cc13c7053dbdd16c20dc4dee5aee8c92390b0 (patch)
tree	5aa7a00f0edeb1d2938d2dff116ee37f2570e8a5 /sys/src/cmd/cec
parent	5364fa720de3b963a88dc4810ed83b4f2ab11d12 (diff)