Commit 5cfa9d1c authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont
Browse files

Fix remote format string injection in SDP parser.

(Sometimes there are good things about NOT being on MBONE)
parent f2567856
......@@ -812,12 +812,13 @@ sap_announce_t *CreateAnnounce( services_discovery_t *p_sd, uint16_t i_hash,
psz_value = GetAttribute( p_sap->p_sdp->pp_attributes, p_sap->p_sdp->i_attributes, "tool" );
if( psz_value != NULL )
{
input_ItemAddInfo( p_input, _("Session"),_("Tool"), psz_value );
input_ItemAddInfo( p_input, _("Session"), _("Tool"), "%s",
psz_value );
}
if( strcmp( p_sdp->username, "-" ) )
{
input_ItemAddInfo( p_input, _("Session"),
_("User"), p_sdp->username );
input_ItemAddInfo( p_input, _("Session"), _("User"), "%s",
p_sdp->username );
}
/* Handle group */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment