From c0e820c352029eae558ec643764734d36a52c385 Mon Sep 17 00:00:00 2001
From: Tim Duesterhus <tim@bastelstu.be>
Date: Sat, 23 Nov 2019 23:52:30 +0100
Subject: [PATCH] BUG/MINOR: ssl: Stop passing dynamic strings as format
 arguments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

gcc complains rightfully:

src/ssl_sock.c: In function ‘ssl_sock_prepare_all_ctx’:
src/ssl_sock.c:5507:3: warning: format not a string literal and no format arguments [-Wformat-security]
   ha_warning(errmsg);
   ^
src/ssl_sock.c:5509:3: warning: format not a string literal and no format arguments [-Wformat-security]
   ha_alert(errmsg);
   ^
src/ssl_sock.c: In function ‘cli_io_handler_commit_cert’:
src/ssl_sock.c:10208:3: warning: format not a string literal and no format arguments [-Wformat-security]
   chunk_appendf(trash, err);

Introduced in 8b453912ce9a4e1a3b1329efb2af04d1e470852e.
---
 src/ssl_sock.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 91725a955..cd04c344a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5504,9 +5504,9 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
 	}
 
 	if (errcode & ERR_WARN) {
-		ha_warning(errmsg);
+		ha_warning("%s", errmsg);
 	} else if (errcode & ERR_CODE) {
-		ha_alert(errmsg);
+		ha_alert("%s", errmsg);
 		err++;
 	}
 
@@ -10205,7 +10205,7 @@ end:
 
 	chunk_appendf(trash, "\n");
 	if (errcode & ERR_WARN)
-		chunk_appendf(trash, err);
+		chunk_appendf(trash, "%s", err);
 	chunk_appendf(trash, "Success!\n");
 	if (ci_putchk(si_ic(si), trash) == -1)
 		si_rx_room_blk(si);