From d827d4850e405f098ed0967f02ef3034dbddd661 Mon Sep 17 00:00:00 2001
From: Xeonacid
Date: Wed, 19 Jan 2022 23:19:35 +0800
Subject: [PATCH 1/2] fix(changeUserPwd/run-passwd.cpp): format security

Add "%s" format to g_error_new, to fix the format string security issue.
---
 changeUserPwd/run-passwd.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/changeUserPwd/run-passwd.cpp b/changeUserPwd/run-passwd.cpp
index 59a765011..aca032f16 100644
--- a/changeUserPwd/run-passwd.cpp
+++ b/changeUserPwd/run-passwd.cpp
@@ -377,7 +377,7 @@ static gboolean io_watch_stdout (GIOChannel *source, GIOCondition condition, Pas
 "Your password has been changed after you verify!");
 } */else {
 error = g_error_new (PASSWD_ERROR, PASSWD_ERROR_UNKNOWN,
- str->str);
+ "%s", str->str);
 }
 
 /* At this point, passwd might have exited, in which case

From 4c08b8437ff3c828e672631f35638b3c5725c00b Mon Sep 17 00:00:00 2001
From: Xeonacid
Date: Sat, 12 Feb 2022 13:25:20 +0800
Subject: [PATCH 2/2] fix: use g_error_new_literal

Co-authored-by: Jan Alexander Steffens
---
 changeUserPwd/run-passwd.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/changeUserPwd/run-passwd.cpp b/changeUserPwd/run-passwd.cpp
index aca032f16..ada30202e 100644
--- a/changeUserPwd/run-passwd.cpp
+++ b/changeUserPwd/run-passwd.cpp
@@ -376,8 +376,8 @@ static gboolean io_watch_stdout (GIOChannel *source, GIOCondition condition, Pas
 error = g_error_new (PASSWD_ERROR, PASSWD_ERROR_AUTH_FAILED,
 "Your password has been changed after you verify!");
 } */else {
- error = g_error_new (PASSWD_ERROR, PASSWD_ERROR_UNKNOWN,
- "%s", str->str);
+ error = g_error_new_literal (PASSWD_ERROR, PASSWD_ERROR_UNKNOWN,
+ str->str);
 }
 
 /* At this point, passwd might have exited, in which case
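Review bot: In patch 2/2 the fallback `else` branch passes `str->str` to `g_error_new_literal`, but nothing next to the call records why the literal variant is required, so a later cleanup could switch back to `g_error_new` and reintroduce the format-string issue that patch 1/2 describes. Judging by the function name `io_watch_stdout` and the trailing comment about passwd having exited, `str` presumably holds text read from the passwd child process, which this code does not control. I would add a comment above the call such as `/* str is raw passwd output: pass it as a literal, never as a format string */`. Because that output also becomes the error message unchanged, it is worth confirming that it is valid UTF-8 and free of control characters before it is displayed; the rest of `io_watch_stdout` lies outside the hunk, so whether that is already handled cannot be seen here.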