From: Todd C. Miller
Date: Thu, 15 Mar 2012 12:47:23 +0000 (-0400)
Subject: We should always call warning() with a format string or a string literal.
X-Git-Tag: SUDO_1_8_5~1^2~142
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b330cbbed8a4452b21a62be63561ab40f4bc7d9d;p=sudo
We should always call warning() with a format string or a string literal. In this case, the argument (path) is not user-controlled.
---
diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c
index b71c2ad3c..e1c6ac1f9 100644
--- a/plugins/sudoers/toke.c
+++ b/plugins/sudoers/toke.c
@@ -1485,7 +1485,7 @@ int sudolineno; int last_token; char *sudoers;
-/* Default sudoers path, mode and owner */
+/* Default sudoers path, mode and owner (may be set via sudo.conf) */
 const char *sudoers_file = _PATH_SUDOERS;
 mode_t sudoers_mode = SUDOERS_MODE;
 uid_t sudoers_uid = SUDOERS_UID;
@@ -3528,7 +3528,7 @@ _push_include(char *path, bool isdir)
 case SUDO_PATH_BAD_TYPE:
 errno = ENOTDIR;
 if (sudoers_warnings) {
- warning(path);
+ warning("%s", path);
 }
 debug_return_bool(false);
 case SUDO_PATH_WRONG_OWNER:
diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l
index 967de07fd..e830f84dd 100644
--- a/plugins/sudoers/toke.l
+++ b/plugins/sudoers/toke.l
@@ -819,7 +819,7 @@ _push_include(char *path, bool isdir)
 case SUDO_PATH_BAD_TYPE:
 errno = ENOTDIR;
 if (sudoers_warnings) {
- warning(path);
+ warning("%s", path);
 }
 debug_return_bool(false);
 case SUDO_PATH_WRONG_OWNER:
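Review bot: The `warning("%s", path);` call in the `SUDO_PATH_BAD_TYPE` case of toke.l fixes this one call site, but nothing visible in the hunk stops a later `warning(some_string)` from reappearing; the identical hunk in toke.c (presumably the scanner generated from toke.l) has the same limitation. If the declaration of `warning()`, which is not shown here, does not already carry a printf format attribute, adding one such as `__attribute__((format(printf, 1, 2)))` and building with `-Wformat-security` would let the compiler reject non-literal format arguments. `_push_include()` starts and ends outside the hunk, so the remaining cases of the switch, beginning with `SUDO_PATH_WRONG_OWNER`, should be checked for the same pattern. Since `path` appears to come from an include directive, a short comment at the call such as `/* path may contain '%'; never pass it as the format */` would record why the explicit format string is required.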