From: Pekka Riikonen <priikone@silcnet.org>
Date: Fri, 31 Jul 2009 19:32:57 +0000 (+0300)
Subject: Fixed string format vulnerability in client entry handling.
X-Git-Tag: silc.client.1.1.8~1
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=1598b3a51b51a434037461ccd35487bc0df3137c

Fixed string format vulnerability in client entry handling.

Reported and patch provided by William Cummings.
---

diff --git a/lib/silcclient/client_entry.c b/lib/silcclient/client_entry.c
index 003f2fcf..c950bfb2 100644
--- a/lib/silcclient/client_entry.c
+++ b/lib/silcclient/client_entry.c
@@ -801,10 +801,10 @@ SilcClientEntry silc_client_add_client(SilcClient client,
 		      client_entry->server, sizeof(client_entry->server));
   if (nickname && client->internal->params->full_nicknames)
     silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-		  nickname);
+		  "%s", nickname);
   else if (nickname)
     silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-		  parsed);
+		  "%s", parsed);
 
   silc_parse_userfqdn(username, client_entry->username,
 		      sizeof(client_entry->username),
@@ -900,10 +900,10 @@ void silc_client_update_client(SilcClient client,
 			client_entry->server, sizeof(client_entry->server));
     if (client->internal->params->full_nicknames)
       silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-		    nickname);
+		    "%s", nickname);
     else
       silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-		    parsed);
+		    "%s", parsed);
 
     /* Normalize nickname */
     nick = silc_identifier_check(parsed, strlen(parsed),
@@ -1206,7 +1206,7 @@ SilcClientEntry silc_client_nickname_format(SilcClient client,
         return NULL;
 
       silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-		    cp);
+		    "%s", cp);
       silc_free(cp);
     }