From 1c9614d34d09d39486e579c6c21b0218997739c8 Mon Sep 17 00:00:00 2001
From: Luke Mewburn
Date: Sat, 20 Aug 2022 11:17:07 +1000
Subject: Fix -Wformat-security issues

Ensure that methods with a printf()-like format string are invoked with a literal string instead of a string built from possibly untrusted sources. Fixes issue #1906.
---
 .../FTRT_Event_Service/Factory_Service/EventChannelFactory_i.cpp | 4 ++--
 TAO/orbsvcs/ImplRepo_Service/ImR_Activator_i.cpp | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/TAO/orbsvcs/FTRT_Event_Service/Factory_Service/EventChannelFactory_i.cpp b/TAO/orbsvcs/FTRT_Event_Service/Factory_Service/EventChannelFactory_i.cpp
index aeb2d6bfb1c..d8898f573e4 100644
--- a/TAO/orbsvcs/FTRT_Event_Service/Factory_Service/EventChannelFactory_i.cpp
+++ b/TAO/orbsvcs/FTRT_Event_Service/Factory_Service/EventChannelFactory_i.cpp
@@ -103,7 +103,7 @@ CORBA::Object_ptr EventChannelFactory_i::create_process (
 const int ENV_BUF_LEN = 512;
 ACE_TCHAR buf[ENV_BUF_LEN];
 server_addr.addr_to_string(buf,ENV_BUF_LEN,0);
- options.setenv(ACE_TEXT("EventChannelFactoryAddr"), buf);
+ options.setenv(ACE_TEXT("EventChannelFactoryAddr"), ACE_TEXT("%s"), buf);
 // extract the object ID from the criteria
 for (CORBA::ULong i = 0; i < the_criteria.length(); ++i)
@@ -124,7 +124,7 @@ CORBA::Object_ptr EventChannelFactory_i::create_process (
 ORBSVCS_DEBUG((LM_DEBUG, "Command Line : %s\n", str.c_str()));
- options.command_line(str.c_str());
+ options.command_line(ACE_TEXT("%s"), str.c_str());
 // Try to create a new process running date.
 ACE_Process new_process;
diff --git a/TAO/orbsvcs/ImplRepo_Service/ImR_Activator_i.cpp b/TAO/orbsvcs/ImplRepo_Service/ImR_Activator_i.cpp
index ab2e06d5c0f..e605c547c89 100644
--- a/TAO/orbsvcs/ImplRepo_Service/ImR_Activator_i.cpp
+++ b/TAO/orbsvcs/ImplRepo_Service/ImR_Activator_i.cpp
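Review bot: `buf` reaches the new `options.setenv(ACE_TEXT("EventChannelFactoryAddr"), ACE_TEXT("%s"), buf)` call in EventChannelFactory_i.cpp (hunk at line 103) with no check that `server_addr.addr_to_string(buf,ENV_BUF_LEN,0)` actually filled it. The array is declared without an initializer and the call's result is discarded, so if the conversion fails (presumably reported through its return value) the `%s` argument is read from indeterminate memory. Test the result before the `setenv`, e.g. `if (server_addr.addr_to_string(buf, ENV_BUF_LEN, 0) != 0)` followed by this function's usual failure path, or at minimum declare `ACE_TCHAR buf[ENV_BUF_LEN] = {};`. create_process starts and ends outside this hunk, so the appropriate failure path is not visible here.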
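Review bot: `str` still reaches `options.command_line(ACE_TEXT("%s"), str.c_str())` in EventChannelFactory_i.cpp (hunk at line 124) as one unquoted command line, so the literal format removes the format-string risk but not the risk that criteria-derived pieces alter the argument list. `str` is assembled outside this hunk; if any part of it comes from `the_criteria`, whitespace or quote characters in those values would presumably be split into extra arguments when the process is spawned. Validate those values where they are appended, and record the constraint at the call with a comment such as `// str is passed as data; criteria-derived parts must already be validated (no whitespace/quotes)`. Separately, the `ImR_Activator_i.cpp` hunks wrap narrow strings in `ACE_TEXT_CHAR_TO_TCHAR` while this call does not, which is worth confirming against the type of `str` for wide-character builds.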
@@ -537,7 +537,7 @@ ImR_Activator_i::start_server(const char* name,
 1, cmdline_buf_len + 1, this->env_buf_len_, this->max_env_vars_);
- proc_opts.command_line (ACE_TEXT_CHAR_TO_TCHAR(cmdline));
+ proc_opts.command_line (ACE_TEXT("%s"), ACE_TEXT_CHAR_TO_TCHAR(cmdline));
 proc_opts.working_directory (dir);
 // Win32 does not support the CLOSE_ON_EXEC semantics for sockets
 // the way unix does, so in order to avoid having the child process
@@ -564,13 +564,13 @@ ImR_Activator_i::start_server(const char* name,
 {
 CORBA::String_var ior = orb_->object_to_string (locator_.in ());
 proc_opts.setenv (ACE_TEXT ("ImplRepoServiceIOR"),
- ACE_TEXT_CHAR_TO_TCHAR (ior.in ()));
+ ACE_TEXT ("%s"), ACE_TEXT_CHAR_TO_TCHAR (ior.in ()));
 }
 for (CORBA::ULong i = 0; i < env.length (); ++i)
 {
 proc_opts.setenv (ACE_TEXT_CHAR_TO_TCHAR (env[i].name.in ()),
- ACE_TEXT_CHAR_TO_TCHAR (env[i].value.in ()));
+ ACE_TEXT ("%s"), ACE_TEXT_CHAR_TO_TCHAR (env[i].value.in ()));
 }
 pid = this->process_mgr_.spawn (proc_opts, this);
-- cgit v1.2.1
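Review bot: The reason for the literal `ACE_TEXT("%s")` in `proc_opts.command_line (...)` (ImR_Activator_i.cpp, hunk at line 537) is not recorded next to the call, so a later cleanup could remove it as redundant and reintroduce the warning this commit fixes. A one-line comment above the call would keep the intent visible, for example `// cmdline is data, not a format: command_line() treats its first argument as a printf-style format`. The call also writes `ACE_TEXT("%s")` without the space before the parenthesis that the `setenv` calls in the next hunk of the same function use (`ACE_TEXT ("%s")`). start_server begins and ends outside this hunk.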
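Review bot: In the `for` loop over `env` (ImR_Activator_i.cpp, hunk at line 564), only the value is moved behind `ACE_TEXT ("%s")`; `env[i].name.in ()` is still passed unchecked as the variable name. If `ACE_Process_Options::setenv` composes its internal format from the name as well (worth confirming in its implementation, which is not shown here), a `%` in a name would still be interpreted as a conversion, and a name that is empty or contains `=` would produce a malformed environment entry either way. Validate the name before the call, for instance skip or reject the entry when `ACE_OS::strchr (env[i].name.in (), '%') != 0 || ACE_OS::strchr (env[i].name.in (), '=') != 0`. start_server continues outside this hunk.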