Description: Use %s as a formatting string in VALIDATE_MAX_LENGTH to
compile with -Werror=format-security for hardening purposes
Bug-Debian: http://bugs.debian.org/676211
Author: Ryan Niebur <ryan@debian.org>
Index: thin/ext/thin_parser/thin.c
===================================================================
--- thin.orig/ext/thin_parser/thin.c 2012-02-07 12:51:55.000000000 -0800
+++ thin/ext/thin_parser/thin.c 2012-06-16 01:53:36.000000000 -0700
@@ -47,7 +47,7 @@
#define DEF_MAX_LENGTH(N,length) const size_t MAX_##N##_LENGTH = length; const char *MAX_##N##_LENGTH_ERR = "HTTP element " # N " is longer than the " # length " allowed length."
/** Validates the max length of given input and throws an HttpParserError exception if over. */
-#define VALIDATE_MAX_LENGTH(len, N) if(len > MAX_##N##_LENGTH) { rb_raise(eHttpParserError, MAX_##N##_LENGTH_ERR); }
+#define VALIDATE_MAX_LENGTH(len, N) if(len > MAX_##N##_LENGTH) { rb_raise(eHttpParserError, "%s", MAX_##N##_LENGTH_ERR); }
/** Defines global strings in the init method. */
#define DEF_GLOBAL(N, val) global_##N = rb_obj_freeze(rb_str_new2(val)); rb_global_variable(&global_##N)
![[patchlogo]](http://patch-tracker.debian.org/static/img/swirlpatch.png)