diff -Naur nss-3.12.3/mozilla/security/nss/cmd/certcgi/certcgi.c nss-3.12.3.tpg/mozilla/security/nss/cmd/certcgi/certcgi.c
--- nss-3.12.3/mozilla/security/nss/cmd/certcgi/certcgi.c 2008-02-16 01:17:40.000000000 +0000
+++ nss-3.12.3.tpg/mozilla/security/nss/cmd/certcgi/certcgi.c 2009-05-30 17:24:44.000000000 +0000
@@ -97,7 +97,7 @@
error_out(char *error_string)
{
printf("Content-type: text/plain\n\n");
- printf(error_string);
+ printf("%s", error_string);
fflush(stderr);
fflush(stdout);
exit(1);
diff -Naur nss-3.12.3/mozilla/security/nss/cmd/certutil/certext.c nss-3.12.3.tpg/mozilla/security/nss/cmd/certutil/certext.c
--- nss-3.12.3/mozilla/security/nss/cmd/certutil/certext.c 2009-02-19 19:51:52.000000000 +0000
+++ nss-3.12.3.tpg/mozilla/security/nss/cmd/certutil/certext.c 2009-05-30 17:24:44.000000000 +0000
@@ -100,7 +100,7 @@
static SECStatus
PrintChoicesAndGetAnswer(char* str, char* rBuff, int rSize)
{
- fprintf(stdout, str);
+ fprintf(stdout, "%s", str);
fprintf(stdout, " > ");
fflush (stdout);
if (Gets_s(rBuff, rSize) == NULL) {
diff -Naur nss-3.12.3/mozilla/security/nss/cmd/certutil/keystuff.c nss-3.12.3.tpg/mozilla/security/nss/cmd/certutil/keystuff.c
--- nss-3.12.3/mozilla/security/nss/cmd/certutil/keystuff.c 2009-02-19 04:24:41.000000000 +0000
+++ nss-3.12.3.tpg/mozilla/security/nss/cmd/certutil/keystuff.c 2009-05-30 17:24:44.000000000 +0000
@@ -95,7 +95,7 @@
char meter[] = {
"\r| |" };
-#define FPS fprintf(stderr,
+#define FPS fprintf(stderr, "%s",
FPS "\n");
FPS "A random seed must be generated that will be used in the\n");
FPS "creation of your key. One of the easiest ways to create a\n");
diff -Naur nss-3.12.3/mozilla/security/nss/cmd/digest/digest.c nss-3.12.3.tpg/mozilla/security/nss/cmd/digest/digest.c
--- nss-3.12.3/mozilla/security/nss/cmd/digest/digest.c 2004-10-07 04:13:50.000000000 +0000
+++ nss-3.12.3.tpg/mozilla/security/nss/cmd/digest/digest.c 2009-05-30 17:24:44.000000000 +0000
@@ -105,7 +105,7 @@
"-t type");
fprintf(stderr, "%-20s ", "");
for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
- fprintf(stderr, HashTypeToOID(htype)->desc);
+ fprintf(stderr, "%s", HashTypeToOID(htype)->desc);
if (htype == (HASH_AlgTOTAL - 2))
fprintf(stderr, " or ");
else if (htype != (HASH_AlgTOTAL - 1))
diff -Naur nss-3.12.3/mozilla/security/nss/cmd/lib/secutil.c nss-3.12.3.tpg/mozilla/security/nss/cmd/lib/secutil.c
--- nss-3.12.3/mozilla/security/nss/cmd/lib/secutil.c 2009-03-17 08:46:24.000000000 +0000
+++ nss-3.12.3.tpg/mozilla/security/nss/cmd/lib/secutil.c 2009-05-30 17:24:44.000000000 +0000
@@ -1067,7 +1067,7 @@
}
if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
- fprintf(out, timeString);
+ fprintf(out, "%s", timeString);
}
if (m != NULL)
@@ -2848,7 +2848,7 @@
iv = 0;
while ((entry = crl->entries[iv++]) != NULL) {
sprintf(om, "Entry (%x):\n", iv);
- SECU_Indent(out, level + 1); fprintf(out, om);
+ SECU_Indent(out, level + 1); fprintf(out, "%s", om);
SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
level + 2);
SECU_PrintTimeChoice(out, &(entry->revocationDate),
diff -Naur nss-3.12.3/mozilla/security/nss/cmd/pk12util/pk12util.c nss-3.12.3.tpg/mozilla/security/nss/cmd/pk12util/pk12util.c
--- nss-3.12.3/mozilla/security/nss/cmd/pk12util/pk12util.c 2008-09-26 17:45:16.000000000 +0000
+++ nss-3.12.3.tpg/mozilla/security/nss/cmd/pk12util/pk12util.c 2009-05-30 17:24:44.000000000 +0000
@@ -555,11 +555,11 @@
if ((error_value == SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY) ||
(error_value == SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME) ||
(error_value == SEC_ERROR_PKCS12_UNABLE_TO_WRITE)) {
- fprintf(stderr, SECU_ErrorStringRaw((int16)error_value));
+ fprintf(stderr, "%s", SECU_ErrorStringRaw((int16)error_value));
} else if(error_value == SEC_ERROR_USER_CANCELLED) {
;
} else {
- fprintf(stderr, SECU_ErrorStringRaw(SEC_ERROR_EXPORTING_CERTIFICATES));
+ fprintf(stderr, "%s", SECU_ErrorStringRaw(SEC_ERROR_EXPORTING_CERTIFICATES));
}
}
diff -Naur nss-3.12.3/mozilla/security/nss/cmd/signver/pk7print.c nss-3.12.3.tpg/mozilla/security/nss/cmd/signver/pk7print.c
--- nss-3.12.3/mozilla/security/nss/cmd/signver/pk7print.c 2008-10-06 23:37:54.000000000 +0000
+++ nss-3.12.3.tpg/mozilla/security/nss/cmd/signver/pk7print.c 2009-05-30 17:24:44.000000000 +0000
@@ -79,7 +79,7 @@
{
unsigned i;
- if (m) fprintf(out, m);
+ if (m) fprintf(out, "%s", m);
for (i = 0; i < data->len; i++) {
if (i < data->len - 1) {
@@ -136,10 +136,10 @@
{
int rv;
- fprintf(out, m);
+ fprintf(out, "%s", m);
rv = sv_PrintTime(out, &v->notBefore, "notBefore=");
if (rv) return rv;
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintTime(out, &v->notAfter, "notAfter=");
return rv;
}
@@ -181,7 +181,7 @@
int i;
char om[100];
- fprintf(out, m);
+ fprintf(out, "%s", m);
/*
* XXX Make this smarter; look at the type field and then decode
@@ -278,16 +278,16 @@
SEC_PKCS7Attribute *attr;
int iv;
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintInteger(out, &(info->version), "version=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintName(out, &(info->issuerAndSN->issuer), "issuerName=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
"serialNumber=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintAlgorithmID(out, &(info->digestAlg), "digestAlgorithm=");
if (info->authAttr != NULL) {
@@ -304,9 +304,9 @@
}
/* Parse and display signature */
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintAlgorithmID(out, &(info->digestEncAlg), "digestEncryptionAlgorithm=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintAsHex(out, &(info->encDigest), "encryptedDigest=");
if (info->unAuthAttr != NULL) {
@@ -326,22 +326,22 @@
void
sv_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
{
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintInteger(out, &pk->u.rsa.modulus, "modulus=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintInteger(out, &pk->u.rsa.publicExponent, "exponent=");
}
void
sv_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
{
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintInteger(out, &pk->u.dsa.params.prime, "prime=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintInteger(out, &pk->u.dsa.params.subPrime, "subprime=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintInteger(out, &pk->u.dsa.params.base, "base=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintInteger(out, &pk->u.dsa.publicValue, "publicValue=");
}
@@ -432,7 +432,7 @@
oidTag = SECOID_FindOIDTag (&((*extensions)->id));
- fprintf(out, msg);
+ fprintf(out, "%s", msg);
tmpitem = &((*extensions)->value);
if (oidTag == SEC_OID_X509_INVALID_DATE)
sv_PrintInvalidDateExten (out, tmpitem,"invalidExt");
@@ -458,13 +458,13 @@
int iv;
char om[100];
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintAlgorithmID(out, &(crl->signatureAlg), "signatureAlgorithm=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintName(out, &(crl->name), "name=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintTime(out, &(crl->lastUpdate), "lastUpdate=");
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintTime(out, &(crl->nextUpdate), "nextUpdate=");
if (crl->entries != NULL) {
@@ -563,10 +563,10 @@
}
m[PORT_Strlen(m) - 5] = 0;
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintAlgorithmID(out, &sd->signatureAlgorithm, "signatureAlgorithm=");
DER_ConvertBitString(&sd->signature);
- fprintf(out, m);
+ fprintf(out, "%s", m);
sv_PrintAsHex(out, &sd->signature, "signature=");
PORT_FreeArena(arena, PR_FALSE);
@@ -632,11 +632,11 @@
iv = 0;
while ((aCrl = src->crls[iv]) != NULL) {
sprintf(om, "signedRevocationList[%d].", iv);
- fprintf(out, om);
+ fprintf("%s", out, om);
sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
"signatureAlgorithm=");
DER_ConvertBitString(&aCrl->signatureWrap.signature);
- fprintf(out, om);
+ fprintf("%s", out, om);
sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "signature=");
sprintf(om, "certificateRevocationList[%d].", iv);
sv_PrintCRLInfo(out, &aCrl->crl, om);
