newlib: wordexp: drop dangerous fprintf

wordexp uses fprintf in a dangerous way. It uses an unchecked input string as format string, rather than as parameter to a %s. Replace fprintf with fputs. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
author: Corinna Vinschen <corinna@vinschen.de> 2018-08-08 10:39:45 +0200
committer: Corinna Vinschen <corinna@vinschen.de> 2018-08-08 10:50:19 +0200
commit: 5ace9004d9b982ba8887df41139295792c130020 (patch)
tree: 81a8909970f0eb9b875678df210c15b0cc12aae0
parent: 8bfb1afd6b46b7b41d45b20fe9c90e9156b3a7d2 (diff)
download: cygnal-5ace9004d9b982ba8887df41139295792c130020.tar.gz
cygnal-5ace9004d9b982ba8887df41139295792c130020.tar.bz2
cygnal-5ace9004d9b982ba8887df41139295792c130020.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/newlib/libc/posix/wordexp.c b/newlib/libc/posix/wordexp.c
index 3e90c3aee..dcda3d2f6 100644
--- a/newlib/libc/posix/wordexp.c
+++ b/newlib/libc/posix/wordexp.c
@@ -127,9 +127,9 @@ wordexp(const char *__restrict words, wordexp_t *__restrict pwordexp, int flags)
 
           if (flags & WRDE_SHOWERR)
             {
-              fprintf(stderr, tmp);
+              fputs(tmp, stderr);
               while(fgets(tmp, MAXLINELEN, f_err))
-                fprintf(stderr, tmp);
+                fputs(tmp, stderr);
             }
 
           goto cleanup;
author	Corinna Vinschen <corinna@vinschen.de>	2018-08-08 10:39:45 +0200
committer	Corinna Vinschen <corinna@vinschen.de>	2018-08-08 10:50:19 +0200
commit	5ace9004d9b982ba8887df41139295792c130020 (patch)
tree	81a8909970f0eb9b875678df210c15b0cc12aae0
parent	8bfb1afd6b46b7b41d45b20fe9c90e9156b3a7d2 (diff)
download	cygnal-5ace9004d9b982ba8887df41139295792c130020.tar.gz cygnal-5ace9004d9b982ba8887df41139295792c130020.tar.bz2 cygnal-5ace9004d9b982ba8887df41139295792c130020.zip