From 5cfa9d1c925806f33bd5aee8c15811c31327ef04 Mon Sep 17 00:00:00 2001 From: =?utf8?q?R=C3=A9mi=20Denis-Courmont?= Date: Thu, 7 Jun 2007 17:34:15 +0000 Subject: [PATCH] Fix remote format string injection in SDP parser. (Sometimes there are good things about NOT being on MBONE) --- modules/services_discovery/sap.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/services_discovery/sap.c b/modules/services_discovery/sap.c index e5cbc833da..117835ce4d 100644 --- a/modules/services_discovery/sap.c +++ b/modules/services_discovery/sap.c @@ -812,12 +812,13 @@ sap_announce_t *CreateAnnounce( services_discovery_t *p_sd, uint16_t i_hash, psz_value = GetAttribute( p_sap->p_sdp->pp_attributes, p_sap->p_sdp->i_attributes, "tool" ); if( psz_value != NULL ) { - input_ItemAddInfo( p_input, _("Session"),_("Tool"), psz_value ); + input_ItemAddInfo( p_input, _("Session"), _("Tool"), "%s", + psz_value ); } if( strcmp( p_sdp->username, "-" ) ) { - input_ItemAddInfo( p_input, _("Session"), - _("User"), p_sdp->username ); + input_ItemAddInfo( p_input, _("Session"), _("User"), "%s", + p_sdp->username ); } /* Handle group */ -- 2.39.2