From e892c583348c25990971240748948c8515f6846a Mon Sep 17 00:00:00 2001
From: Tsarevich Dmitry
Date: Sun, 23 Feb 2020 20:48:35 +0300
Subject: [PATCH] [fmt] Use %s for printf-like funcs

Printing strings without format specifier may lead to vulnerabilities if string is somehow malformed. Ensure prontf-like family calls are protected. See https://www.viva64.com/en/w/v618/print/
---
 src/badblocks.c | 4 ++--
 src/format.c | 2 +-
 src/format_ext.c | 2 +-
 src/rufus.c | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/badblocks.c b/src/badblocks.c
index f88aae47..5ff11b75 100644
--- a/src/badblocks.c
+++ b/src/badblocks.c
@@ -463,7 +463,7 @@ static unsigned int test_rw(HANDLE hDrive, blk64_t last_block, size_t block_size
 if (max_bb && bb_count >= max_bb) {
 if (s_flag || v_flag) {
 uprintf(abort_msg);
- fprintf(log_fd, abort_msg);
+ fprintf(log_fd, "%s", abort_msg);
 fflush(log_fd);
 }
 cancel_ops = -1;
@@ -511,7 +511,7 @@ static unsigned int test_rw(HANDLE hDrive, blk64_t last_block, size_t block_size
 if (max_bb && bb_count >= max_bb) {
 if (s_flag || v_flag) {
 uprintf(abort_msg);
- fprintf(log_fd, abort_msg);
+ fprintf(log_fd, "%s", abort_msg);
 fflush(log_fd);
 }
 cancel_ops = -1;
diff --git a/src/format.c b/src/format.c
index 72881e22..be96b8f2 100644
--- a/src/format.c
+++ b/src/format.c
@@ -1863,7 +1863,7 @@ DWORD WINAPI FormatThread(void* param)
 if (report.bb_count) {
 bb_msg = lmprintf(MSG_011, report.bb_count, report.num_read_errors, report.num_write_errors, report.num_corruption_errors);
- fprintf(log_fd, bb_msg);
+ fprintf(log_fd, "%s", bb_msg);
 GetLocalTime(<);
 fprintf(log_fd, APPLICATION_NAME " bad blocks check ended on: %04d.%02d.%02d %02d:%02d:%02d", lt.wYear, lt.wMonth, lt.wDay, lt.wHour, lt.wMinute, lt.wSecond);
diff --git a/src/format_ext.c b/src/format_ext.c
index 715c5318..7fbd7849 100644
--- a/src/format_ext.c
+++ b/src/format_ext.c
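Review bot: The `uprintf(abort_msg);` call directly above the changed line, in both the @@ -463 and @@ -511 hunks of src/badblocks.c, still passes the string as the format argument, which is exactly the pattern this commit removes from the fprintf below it; if uprintf is a printf-style logger, as its name and the commit's own "printf-like family" wording suggest, it should become `uprintf("%s", abort_msg);` as well. Whether abort_msg is a constant literal or a localized string is not visible here, so the practical exposure may be nil, but the guard is free and keeps the two adjacent calls consistent. test_rw() continues on both sides of each hunk, so any further unguarded calls in the same function cannot be checked from this view.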
@@ -177,7 +177,7 @@ const char* error_message(errcode_t error_code)
 static_sprintf(error_string, "Unknown ext2fs error %ld (EXT2_ET_BASE + %ld)", error_code, error_code - EXT2_ET_BASE);
 } else {
 SetLastError((FormatStatus == 0) ? (ERROR_SEVERITY_ERROR | FAC(FACILITY_STORAGE) | (error_code & 0xFFFF)) : FormatStatus);
- static_sprintf(error_string, WindowsErrorString());
+ static_sprintf(error_string, "%s", WindowsErrorString());
 }
 return error_string;
 }
diff --git a/src/rufus.c b/src/rufus.c
index 88bf875e..5508c171 100755
--- a/src/rufus.c
+++ b/src/rufus.c
@@ -138,7 +138,7 @@ const char* flash_type[BADLOCKS_PATTERN_TYPES] = { "SLC", "MLC", "TLC" };
 static void SetClusterSizeLabels(void)
 {
 unsigned int i, j, msg_id;
- safe_sprintf(ClusterSizeLabel[0], 64, lmprintf(MSG_029));
+ safe_sprintf(ClusterSizeLabel[0], 64, "%s", lmprintf(MSG_029));
 for (i=512, j=1, msg_id=MSG_026; j 8192) { i /= 1024;
@@ -885,7 +885,7 @@ static BOOL PopulateProperties(void)
 EnableControls(TRUE, FALSE);
 // Set a proposed label according to the size (eg: "256MB", "8GB")
- static_sprintf(SelectedDrive.proposed_label,
+ static_sprintf(SelectedDrive.proposed_label, "%s",
 SizeToHumanReadable(SelectedDrive.DiskSize, FALSE, use_fake_units));
 // Add a tooltip (with the size of the device in parenthesis)
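Review bot: The rewritten line in the @@ -138 hunk of src/rufus.c, `safe_sprintf(ClusterSizeLabel[0], 64, "%s", lmprintf(MSG_029));`, keeps a hard-coded bound of 64 next to the format fix; if ClusterSizeLabel is a true two-dimensional char array (its declaration is outside the hunk), `safe_sprintf(ClusterSizeLabel[0], sizeof(ClusterSizeLabel[0]), "%s", lmprintf(MSG_029));` ties the bound to the declaration so the hardening is not undone by a later resize of the label buffers. The `for` line of that hunk is garbled in this rendering (a `<` appears to have been stripped), so the remainder of SetClusterSizeLabels, which continues past the hunk, cannot be reviewed here. The other two hunks sharing this line, src/format_ext.c @@ -177 and src/rufus.c @@ -885, apply the same `"%s"` guard and need nothing further.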