Fix a format string vulneratility in the AFP dissector identified

by iDEFENSE.  Add constant format strings to proto_item_append_text()
in a bunch of other dissectors.  Copy a comment from proto.c to proto.h.

svn path=/trunk/; revision=14713

2 files changed, 3 insertions, 3 deletions

diff --git a/plugins/irda/packet-irda.c b/plugins/irda/packet-irda.c
index f8332b122f..53e50258d6 100644
--- a/plugins/irda/packet-irda.c
+++ b/plugins/irda/packet-irda.c
@@ -949,7 +949,7 @@ gboolean check_iap_octet_result(tvbuff_t* tvb, proto_tree* tree, unsigned offset
         if (tree)
         {
             proto_item* ti = proto_tree_add_item(tree, hf_iap_invaloctet, tvb, offset, 0, FALSE);
-            proto_item_append_text(ti, attr_name);
+            proto_item_append_text(ti, "%s", attr_name);
             proto_item_append_text(ti, "\" attribute must be octet sequence!");
         }
 
@@ -975,7 +975,7 @@ guint8 check_iap_lsap_result(tvbuff_t* tvb, proto_tree* tree, unsigned offset,
         if (tree)
         {
             proto_item* ti = proto_tree_add_item(tree, hf_iap_invallsap, tvb, offset, 0, FALSE);
-            proto_item_append_text(ti, attr_name);
+            proto_item_append_text(ti, "%s", attr_name);
             proto_item_append_text(ti, "\" attribute must be integer value between 0x01 and 0x6F!");
         }
 
diff --git a/plugins/profinet/packet-pn-dcp.c b/plugins/profinet/packet-pn-dcp.c
index f3c75da900..4dcdafd797 100644
--- a/plugins/profinet/packet-pn-dcp.c
+++ b/plugins/profinet/packet-pn-dcp.c
@@ -334,7 +334,7 @@ pn_append_info(packet_info *pinfo, proto_item *dcp_item, char *text)
     if (check_col(pinfo->cinfo, COL_INFO))
         col_append_fstr(pinfo->cinfo, COL_INFO, text);
 
-    proto_item_append_text(dcp_item, text);
+    proto_item_append_text(dcp_item, "%s", text);
 }