CHANSERV: Fix possibly unsafe string handling

diff --git a/chanserv/chanservstdcmds.c b/chanserv/chanservstdcmds.c
index ff06dfbe7b1afe7c9eb0b3f992f4014787cdc76f..1c0277c883897a78ed684670478594cb310980f5 100644 (file)
--- a/chanserv/chanservstdcmds.c
+++ b/chanserv/chanservstdcmds.c
@@ -219,9 +219,9 @@ int cs_sendhelp(nick *sender, char *thecmd, int oneline) {
 
   if (sum->defhelp && *(sum->defhelp)) {
     if (oneline) {
-      chanservsendmessageoneline(sender, sum->defhelp);
+      chanservsendmessageoneline(sender, "%s", sum->defhelp);
     } else {
-      chanservsendmessage(sender, sum->defhelp);
+      chanservsendmessage(sender, "%s", sum->defhelp);
     }
   } else {
     if (!oneline)
@@ -345,11 +345,11 @@ void csdb_dohelp_real(DBConn *dbconn, void *arg) {
   }
 
   if (result) {
-    chanservsendmessage(np, result);
+    chanservsendmessage(np, "%s", result);
   } else {
     cmdsummary *sum=hip->cmd->ext;
     if (sum->defhelp && *(sum->defhelp)) {
-      chanservsendmessage(np, sum->defhelp);
+      chanservsendmessage(np, "%s", sum->defhelp);
     } else {
       chanservstdmessage(np, QM_NOHELP, hip->commandname->content);
     }

diff --git a/chanserv/chanservuser.c b/chanserv/chanservuser.c
index 00d780b54985ed4f49bc3dc66ac5d94473f3d683..584e17882d0d838e6f27f651679b86c69cfbebdb 100644 (file)
--- a/chanserv/chanservuser.c
+++ b/chanserv/chanservuser.c
@@ -522,7 +522,7 @@ void chanservkillstdmessage(nick *target, int messageid, ... ) {
   va_start(va, messageid);
   q9vsnprintf(buf, 511, message, messageargs, va);
   va_end(va);
-  killuser(chanservnick, target, buf);
+  killuser(chanservnick, target, "%s", buf);
 }
 
 int checkpassword(reguser *rup, const char *pass) {