[pkgsrc/trunk]: pkgsrc/security/priv/patches Actually add the patch I intende...

[nia <nia%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/8e1233812f96
branches:  trunk
changeset: 446164:8e1233812f96
user:      nia <nia%pkgsrc.org@localhost>
date:      Fri Feb 05 13:27:42 2021 +0000

description:
Actually add the patch I intended to, thx wiz

diffstat:

 security/priv/patches/patch-priv.c |  17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diffs (21 lines):

diff -r c6f635cf0634 -r 8e1233812f96 security/priv/patches/patch-priv.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/priv/patches/patch-priv.c        Fri Feb 05 13:27:42 2021 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-priv.c,v 1.1 2021/02/05 13:27:42 nia Exp $
+
+Do not directly pass user input to a printf function.
+
+--- priv.c.orig        2004-02-09 04:37:07.000000000 +0000
++++ priv.c
+@@ -370,8 +370,8 @@ main(int argc, char **argv, char **envp)
+       }
+ 
+       /* All's well so far, get ready to execute the command. */
+-      syslog(LOG_INFO, build_log_message(myfullname, argv + 1, realprog,
+-          nflags));
++      syslog(LOG_INFO, "%s",
++          build_log_message(myfullname, argv + 1, realprog, nflags));
+       envp = lockdown(nflags, realprog, pw, envp);
+       execve(realprog, argv + 1, envp);
+       sverr = errno;