startup: use a format string, to deflect format-string attacks - nano

commit fdcafb83e3e23da645ca813991f448c907935673
parent b8ead3b51144968401288291357452821193bb3b
Author: Benno Schulenberg <bensberg@telfort.nl>
Date:   Mon, 27 Mar 2023 12:02:19 +0200

startup: use a format string, to deflect format-string attacks

This fixes the second part of https://savannah.gnu.org/bugs/?63964.

Reported-by: Vince Vince

Diffstat:
M src/nano.c  | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nano.c b/src/nano.c
@@ -2565,7 +2565,7 @@ int main(int argc, char **argv)
 
 #ifdef ENABLE_NANORC
 	if (startup_problem != NULL)
-		statusline(ALERT, startup_problem);
+		statusline(ALERT, "%s", startup_problem);
 
 #define NOTREBOUND  first_sc_for(MMAIN, do_help) && \
 						first_sc_for(MMAIN, do_help)->keycode == 0x07

	nano nano with my custom patches
	git clone git://bsandro.tech/nano
	Log \| Files \| Refs \| README \| LICENSE