Fixed string format vulnerability in client entry handling.
authorPekka Riikonen <priikone@silcnet.org>
Fri, 31 Jul 2009 19:32:57 +0000 (22:32 +0300)
committerPekka Riikonen <priikone@silcnet.org>
Fri, 31 Jul 2009 19:32:57 +0000 (22:32 +0300)
Reported and patch provided by William Cummings.

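--- a/lib/silcclient/client_entry.c
+++ b/lib/silcclient/client_entry.c
@@ -801,10 +801,10 @@ SilcClientEntry silc_client_add_client(SilcClient client,
                      client_entry->server, sizeof(client_entry->server));
   if (nickname && client->internal->params->full_nicknames)
     silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                 nickname);
+                 "%s", nickname);
   else if (nickname)
     silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                 parsed);
+                 "%s", parsed);
 
   silc_parse_userfqdn(username, client_entry->username,
                      sizeof(client_entry->username),
@@ -900,10 +900,10 @@ void silc_client_update_client(SilcClient client,
                        client_entry->server, sizeof(client_entry->server));
     if (client->internal->params->full_nicknames)
       silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                   nickname);
+                   "%s", nickname);
     else
       silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                   parsed);
+                   "%s", parsed);
 
     /* Normalize nickname */
     nick = silc_identifier_check(parsed, strlen(parsed),
@@ -1206,7 +1206,7 @@ SilcClientEntry silc_client_nickname_format(SilcClient client,
         return NULL;
 
       silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                   cp);
+                   "%s", cp);
       silc_free(cp);
     }
 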
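Review bot: Nothing in this change stops the same mistake from recurring: all five corrected calls in `silc_client_add_client`, `silc_client_update_client` and `silc_client_nickname_format` passed a nickname string as the format argument of `silc_snprintf`, and a new call written that way would still compile without a diagnostic. If `silc_snprintf` accepts only standard printf conversions and its prototype matches the calls shown (buffer, size, format, varargs) — the declaration is not on this page, so both need confirming — annotating it with `__attribute__((format(printf, 3, 4)))` and building with `-Wformat -Wformat-security` would surface this class of bug at compile time. The remaining `silc_snprintf` callers in the tree deserve the same audit. Separately, the return value is still discarded at every site, so a nickname longer than `client_entry->nickname` is truncated silently; in `silc_client_update_client` the following `silc_identifier_check(parsed, strlen(parsed),` works from `parsed`, so the stored and normalized nicknames may diverge. All three function bodies start and end outside the hunks, so that last point should be checked against the full source.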