qgs: protect against format strings in QL log messages

The sgx_proc_log_report() method takes a format string and
var-args. It is unsafe to accept a non-const string from
the QL library and pass it to sgx_proc_log_report(), as the
log message may contain format strings from user data.

Signed-off-by: Daniel P. Berrangé <[email protected]>

Author: berrange

QuoteGeneration/quote_wrapper/qgs/qgs_ql_logic.cpp

@@ -50,10 +50,10 @@ typedef quote3_error_t (*sgx_ql_set_logging_callback_t)(sgx_ql_logging_callback_
 
 void sgx_ql_logging_callback(sgx_ql_log_level_t level, const char *message) {
     if (level == SGX_QL_LOG_ERROR) {
-        sgx_proc_log_report(1, message);
+        sgx_proc_log_report(1, "%s", message);
 
     } else if (level == SGX_QL_LOG_INFO) {
-        sgx_proc_log_report(3, message);
+        sgx_proc_log_report(3, "%s", message);
     }
 }