From 5c2566c9b16299009b1405a9b5115fae2df55dc7 Mon Sep 17 00:00:00 2001 From: Alberto Bertogli Date: Fri, 24 Oct 2025 12:34:58 +0100 Subject: [PATCH] Fix non-constant format string in calls to Printf-like functions In a few places, we call Printf-like functions, but for the format we use either non-format messages (which is not tidy, but okay), or variable messages (which can be problematic if they contain %-format directives). The patch fixes the calls by either moving to Print-like functions, or using `Printf("%s", message)` instead. These were found by a combination of `go vet` (which complains about "non-constant format string in call"), and manual inspection. --- internal/maillog/maillog.go | 4 ++-- internal/nettrace/trace.go | 2 +- internal/smtpsrv/conn.go | 16 ++++++++-------- internal/smtpsrv/fuzz_test.go | 4 ++-- internal/smtpsrv/server_test.go | 2 +- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/internal/maillog/maillog.go b/internal/maillog/maillog.go index 9e95790..b117ff2 100644 --- a/internal/maillog/maillog.go +++ b/internal/maillog/maillog.go @@ -97,8 +97,8 @@ func (l *Logger) Auth(netAddr net.Addr, user string, successful bool) { res = "failed" } msg := fmt.Sprintf("%s auth %s for %s\n", netAddr, res, user) - l.printf(msg) - authLog.Debugf(msg) + l.printf("%s", msg) + authLog.Debugf("%s", msg) } // Rejected logs that we've rejected an email. diff --git a/internal/nettrace/trace.go b/internal/nettrace/trace.go index 7ee539d..914cc05 100644 --- a/internal/nettrace/trace.go +++ b/internal/nettrace/trace.go @@ -233,7 +233,7 @@ func (tr *trace) Printf(format string, a ...interface{}) { func (tr *trace) Errorf(format string, a ...interface{}) error { tr.SetError() err := fmt.Errorf(format, a...) - tr.Printf(err.Error()) + tr.Printf("%s", err.Error()) return err } diff --git a/internal/smtpsrv/conn.go b/internal/smtpsrv/conn.go index b0a8208..faba2a3 100644 --- a/internal/smtpsrv/conn.go +++ b/internal/smtpsrv/conn.go @@ -378,18 +378,18 @@ func (c *Conn) EHLO(params string) (code int, msg string) { c.isESMTP = true buf := bytes.NewBuffer(nil) - fmt.Fprintf(buf, c.hostname+" - Your hour of destiny has come.\n") - fmt.Fprintf(buf, "8BITMIME\n") - fmt.Fprintf(buf, "PIPELINING\n") - fmt.Fprintf(buf, "SMTPUTF8\n") - fmt.Fprintf(buf, "ENHANCEDSTATUSCODES\n") + fmt.Fprint(buf, c.hostname+" - Your hour of destiny has come.\n") + fmt.Fprint(buf, "8BITMIME\n") + fmt.Fprint(buf, "PIPELINING\n") + fmt.Fprint(buf, "SMTPUTF8\n") + fmt.Fprint(buf, "ENHANCEDSTATUSCODES\n") fmt.Fprintf(buf, "SIZE %d\n", c.maxDataSize) if c.onTLS { - fmt.Fprintf(buf, "AUTH PLAIN\n") + fmt.Fprint(buf, "AUTH PLAIN\n") } else { - fmt.Fprintf(buf, "STARTTLS\n") + fmt.Fprint(buf, "STARTTLS\n") } - fmt.Fprintf(buf, "HELP\n") + fmt.Fprint(buf, "HELP\n") return 250, buf.String() } diff --git a/internal/smtpsrv/fuzz_test.go b/internal/smtpsrv/fuzz_test.go index 812410d..a9e953e 100644 --- a/internal/smtpsrv/fuzz_test.go +++ b/internal/smtpsrv/fuzz_test.go @@ -57,7 +57,7 @@ func fuzzConnection(t *testing.T, modeI int, data []byte) { continue } - if err = tconn.PrintfLine(line); err != nil { + if err = tconn.PrintfLine("%s", line); err != nil { break } @@ -82,7 +82,7 @@ func FuzzConnection(f *testing.F) { func exchangeData(scanner *bufio.Scanner, tconn *textproto.Conn) error { for scanner.Scan() { line := scanner.Text() - if err := tconn.PrintfLine(line); err != nil { + if err := tconn.PrintfLine("%s", line); err != nil { return err } if line == "." { diff --git a/internal/smtpsrv/server_test.go b/internal/smtpsrv/server_test.go index 9c98828..7e7b815 100644 --- a/internal/smtpsrv/server_test.go +++ b/internal/smtpsrv/server_test.go @@ -408,7 +408,7 @@ func TestTooMuchData(t *testing.T) { func simpleCmd(t *testing.T, c *smtp.Client, cmd string, expected int) string { t.Helper() - if err := c.Text.PrintfLine(cmd); err != nil { + if err := c.Text.PrintfLine("%s", cmd); err != nil { t.Fatalf("Failed to write %s: %v", cmd, err) }