From 797cc13c7053dbdd16c20dc4dee5aee8c92390b0 Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Fri, 7 Nov 2014 12:51:59 +0100
Subject: fix dangerous werrstr() usages

werrstr() takes a format string as its first argument.
a common error is to pass user controlled string buffers
into werrstr() that might contain format string escapes
causing werrstr() to take bogus arguments from the stack
and crash.

so instead of doing:
	werrstr(buf);

we want todo:
	werrstr("%s", buf);

or if we have a local ERRMAX sized buffer that we can override:
	errstr(buf, sizeof buf);
---
 sys/src/cmd/cpu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'sys/src/cmd/cpu.c')

diff --git a/sys/src/cmd/cpu.c b/sys/src/cmd/cpu.c
index 361f568b2..1bfec1764 100644
--- a/sys/src/cmd/cpu.c
+++ b/sys/src/cmd/cpu.c
@@ -443,7 +443,7 @@ rexcall(int *fd, char *host, char *service)
 		if(n < 0)
 			return "negotiating aan";
 		if(*err){
-			werrstr(err);
+			errstr(err, sizeof err);
 			return negstr;
 		}
 	}
@@ -460,7 +460,7 @@ rexcall(int *fd, char *host, char *service)
 	if(n < 0)
 		return negstr;
 	if(*err){
-		werrstr(err);
+		errstr(err, sizeof err);
 		return negstr;
 	}
 
-- 
cgit v1.2.3