From b05926f28f3cab0ef77101f89be154329dcb8dea Mon Sep 17 00:00:00 2001
From: Reuben Thomas <rrt@sc3d.org>
Date: Mon, 20 Sep 2010 14:24:01 +0000
Subject: [PATCH] Use '%s' format to print untrusted string.

---
 src/softmagic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/softmagic.c b/src/softmagic.c
index c907b863..a739dfe5 100644
--- a/src/softmagic.c
+++ b/src/softmagic.c
@@ -32,7 +32,7 @@
 #include "file.h"
 
 #ifndef	lint
-FILE_RCSID("@(#)$File: softmagic.c,v 1.139 2010/01/28 23:25:18 christos Exp $")
+FILE_RCSID("@(#)$File: softmagic.c,v 1.140 2010/07/21 16:47:18 christos Exp $")
 #endif	/* lint */
 
 #include "magic.h"
@@ -1585,7 +1585,7 @@ mget(struct magic_set *ms, const unsigned char *s,
 
 	case FILE_INDIRECT:
 	  	if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
-		    file_printf(ms, m->desc) == -1)
+		    file_printf(ms, "%s", m->desc) == -1)
 			return -1;
 		if (nbytes < offset)
 			return 0;
-- 
2.40.0