From: Ben Chalmers
Date: Tue, 19 Sep 2017 10:43:48 +0000 (+0100)
Subject: Don't allow user-supplied values to be used as a format specifier
X-Git-Tag: 9.0.0-rc1~30
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=5a70111cb6b88944bef4eb03c273008f33514f2f;p=pvdrivers%2Fwin%2Fxeniface.git
Don't allow user-supplied values to be used as a format specifier
Signed-off-by: Ben Chalmers
Signed-off-by: Paul Durrant
---
diff --git a/src/xeniface/ioctl_store.c b/src/xeniface/ioctl_store.c
index 542dbbf..c1db0ba 100644
--- a/src/xeniface/ioctl_store.c
+++ b/src/xeniface/ioctl_store.c
@@ -185,7 +185,7 @@ IoctlStoreWrite(
 if (!__IsValidStr(Value, InLen - Length))
 goto fail3;
- status = XENBUS_STORE(Printf, &Fdo->StoreInterface, NULL, NULL, Buffer, Value);
+ status = XENBUS_STORE(Printf, &Fdo->StoreInterface, NULL, NULL, Buffer, "%s", Value);
 if (!NT_SUCCESS(status))
 goto fail4;
diff --git a/src/xeniface/wmi.c b/src/xeniface/wmi.c
index 2e0dd87..d7e4bb7 100644
--- a/src/xeniface/wmi.c
+++ b/src/xeniface/wmi.c
@@ -1672,7 +1672,7 @@ SessionExecuteSetValue(UCHAR *InBuffer,
 NULL){
 goto fail4;
 }
- status = XENBUS_STORE(Printf, &fdoData->StoreInterface, session->transaction, NULL, tmppath, tmpvalue);
+ status = XENBUS_STORE(Printf, &fdoData->StoreInterface, session->transaction, NULL, tmppath, "%s", tmpvalue);
 Trace(" Write %s to %s (%p)\n", tmpvalue, tmppath, status);
 UnlockSessions(fdoData);
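Review bot: The literal `"%s"` in the IoctlStoreWrite call is the whole fix, yet nothing at the call site records why it must stay, so a later cleanup could fold `Value` back into the format position. I would add a comment above the call such as `/* Value is user-supplied: pass it as an argument, never as the format string */`; the same comment fits the matching call in SessionExecuteSetValue in wmi.c. If the declaration of the Printf method (not shown on this page) carries no format-string annotation, adding one would let static analysis flag any other call site that passes a non-literal format. IoctlStoreWrite begins and ends outside the hunk.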
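Review bot: The Trace call directly after the fixed Printf in SessionExecuteSetValue prints `status` with `%p`, which expects a pointer; assuming status is an NTSTATUS (the other file tests it with NT_SUCCESS), the conversion and the argument disagree in size on 64-bit builds. Something like `Trace(" Write %s to %s (%08x)\n", tmpvalue, tmppath, status);` would match the type. The same line also copies the user-supplied `tmpvalue` into the trace output and reports a write whether or not Printf succeeded, so consider moving it after the status check and deciding whether store values belong in the log at all. The status check itself is not visible here, since the hunk ends before the function does.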