We should always call warning() with a format string or a string literal.

In this case, the argument (path) is not user-controlled.

diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c
index b71c2ad3c4cccd09ca0302ced6f2e91f4c29dcf1..e1c6ac1f99530e75a5b348cfd35b0a56e73e1c36 100644 (file)
--- a/plugins/sudoers/toke.c
+++ b/plugins/sudoers/toke.c
@@ -1485,7 +1485,7 @@ int sudolineno;
 int last_token;
 char *sudoers;
 
-/* Default sudoers path, mode and owner */
+/* Default sudoers path, mode and owner (may be set via sudo.conf) */
 const char *sudoers_file = _PATH_SUDOERS;
 mode_t sudoers_mode = SUDOERS_MODE;
 uid_t sudoers_uid = SUDOERS_UID;
@@ -3528,7 +3528,7 @@ _push_include(char *path, bool isdir)
            case SUDO_PATH_BAD_TYPE:
                errno = ENOTDIR;
                if (sudoers_warnings) {
-                   warning(path);
+                   warning("%s", path);
                }
                debug_return_bool(false);
            case SUDO_PATH_WRONG_OWNER:

diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l
index 967de07fd3f65cbf6d3596f331f274c6fbaffeea..e830f84dd90dc760acc4fda55ca17b8fe005aa51 100644 (file)
--- a/plugins/sudoers/toke.l
+++ b/plugins/sudoers/toke.l
@@ -819,7 +819,7 @@ _push_include(char *path, bool isdir)
            case SUDO_PATH_BAD_TYPE:
                errno = ENOTDIR;
                if (sudoers_warnings) {
-                   warning(path);
+                   warning("%s", path);
                }
                debug_return_bool(false);
            case SUDO_PATH_WRONG_OWNER: