From 76904719d02724975bc255b52d03132a87caf283 Mon Sep 17 00:00:00 2001 From: Miccah Date: Sat, 24 Jul 2021 15:37:34 -0500 Subject: [PATCH] thirdparty/vschannel: fix format string vulnerability (#10944) --- thirdparty/vschannel/vschannel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/thirdparty/vschannel/vschannel.c b/thirdparty/vschannel/vschannel.c index 34126d6b6e..0d55dde7e8 100644 --- a/thirdparty/vschannel/vschannel.c +++ b/thirdparty/vschannel/vschannel.c @@ -757,7 +757,7 @@ static SECURITY_STATUS https_make_request(TlsContext *tls_ctx, CHAR *req, CHAR * // Build HTTP request. Note that I'm assuming that this is less than // the maximum message size. If it weren't, it would have to be broken up. - sprintf(pbMessage, req); + sprintf(pbMessage, "%s", req); cbMessage = (DWORD)strlen(pbMessage);