git » chasquid » commit 5c2566c

Fix non-constant format string in calls to Printf-like functions

author Alberto Bertogli
2025-10-24 11:34:58 UTC
committer Alberto Bertogli
2025-10-24 11:34:58 UTC
parent 3776186288a4096cb1eaae0b80b3ba1b181ec92a
Fix non-constant format string in calls to Printf-like functions

In a few places, we call Printf-like functions, but for the format we
use either non-format messages (which is not tidy, but okay), or
variable messages (which can be problematic if they contain %-format
directives).

The patch fixes the calls by either moving to Print-like functions, or
using `Printf("%s", message)` instead.

These were found by a combination of `go vet` (which complains about
"non-constant format string in call"), and manual inspection.
internal/maillog/maillog.go +2 -2
internal/nettrace/trace.go +1 -1
internal/smtpsrv/conn.go +8 -8
internal/smtpsrv/fuzz_test.go +2 -2
internal/smtpsrv/server_test.go +1 -1 
diff --git a/internal/maillog/maillog.go b/internal/maillog/maillog.go
index 9e95790..b117ff2 100644
--- a/internal/maillog/maillog.go
+++ b/internal/maillog/maillog.go
@@ -97,8 +97,8 @@ func (l *Logger) Auth(netAddr net.Addr, user string, successful bool) {
 		res = "failed"
 	}
 	msg := fmt.Sprintf("%s auth %s for %s\n", netAddr, res, user)
-	l.printf(msg)
-	authLog.Debugf(msg)
+	l.printf("%s", msg)
+	authLog.Debugf("%s", msg)
 }
 
 // Rejected logs that we've rejected an email.
diff --git a/internal/nettrace/trace.go b/internal/nettrace/trace.go
index 7ee539d..914cc05 100644
--- a/internal/nettrace/trace.go
+++ b/internal/nettrace/trace.go
@@ -233,7 +233,7 @@ func (tr *trace) Printf(format string, a ...interface{}) {
 func (tr *trace) Errorf(format string, a ...interface{}) error {
 	tr.SetError()
 	err := fmt.Errorf(format, a...)
-	tr.Printf(err.Error())
+	tr.Printf("%s", err.Error())
 	return err
 }
 
diff --git a/internal/smtpsrv/conn.go b/internal/smtpsrv/conn.go
index b0a8208..faba2a3 100644
--- a/internal/smtpsrv/conn.go
+++ b/internal/smtpsrv/conn.go
@@ -378,18 +378,18 @@ func (c *Conn) EHLO(params string) (code int, msg string) {
 	c.isESMTP = true
 
 	buf := bytes.NewBuffer(nil)
-	fmt.Fprintf(buf, c.hostname+" - Your hour of destiny has come.\n")
-	fmt.Fprintf(buf, "8BITMIME\n")
-	fmt.Fprintf(buf, "PIPELINING\n")
-	fmt.Fprintf(buf, "SMTPUTF8\n")
-	fmt.Fprintf(buf, "ENHANCEDSTATUSCODES\n")
+	fmt.Fprint(buf, c.hostname+" - Your hour of destiny has come.\n")
+	fmt.Fprint(buf, "8BITMIME\n")
+	fmt.Fprint(buf, "PIPELINING\n")
+	fmt.Fprint(buf, "SMTPUTF8\n")
+	fmt.Fprint(buf, "ENHANCEDSTATUSCODES\n")
 	fmt.Fprintf(buf, "SIZE %d\n", c.maxDataSize)
 	if c.onTLS {
-		fmt.Fprintf(buf, "AUTH PLAIN\n")
+		fmt.Fprint(buf, "AUTH PLAIN\n")
 	} else {
-		fmt.Fprintf(buf, "STARTTLS\n")
+		fmt.Fprint(buf, "STARTTLS\n")
 	}
-	fmt.Fprintf(buf, "HELP\n")
+	fmt.Fprint(buf, "HELP\n")
 	return 250, buf.String()
 }
 
diff --git a/internal/smtpsrv/fuzz_test.go b/internal/smtpsrv/fuzz_test.go
index 812410d..a9e953e 100644
--- a/internal/smtpsrv/fuzz_test.go
+++ b/internal/smtpsrv/fuzz_test.go
@@ -57,7 +57,7 @@ func fuzzConnection(t *testing.T, modeI int, data []byte) {
 			continue
 		}
 
-		if err = tconn.PrintfLine(line); err != nil {
+		if err = tconn.PrintfLine("%s", line); err != nil {
 			break
 		}
 
@@ -82,7 +82,7 @@ func FuzzConnection(f *testing.F) {
 func exchangeData(scanner *bufio.Scanner, tconn *textproto.Conn) error {
 	for scanner.Scan() {
 		line := scanner.Text()
-		if err := tconn.PrintfLine(line); err != nil {
+		if err := tconn.PrintfLine("%s", line); err != nil {
 			return err
 		}
 		if line == "." {
diff --git a/internal/smtpsrv/server_test.go b/internal/smtpsrv/server_test.go
index 9c98828..7e7b815 100644
--- a/internal/smtpsrv/server_test.go
+++ b/internal/smtpsrv/server_test.go
@@ -408,7 +408,7 @@ func TestTooMuchData(t *testing.T) {
 
 func simpleCmd(t *testing.T, c *smtp.Client, cmd string, expected int) string {
 	t.Helper()
-	if err := c.Text.PrintfLine(cmd); err != nil {
+	if err := c.Text.PrintfLine("%s", cmd); err != nil {
 		t.Fatalf("Failed to write %s: %v", cmd, err)
 	}