|
 |
4a9614 |
From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001
|
|
|
4a9614 |
Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs@redhat.com>
|
|
|
4a9614 |
From: Nikola Pajkovsky <npajkovs@redhat.com>
|
|
|
4a9614 |
Date: Tue, 3 Dec 2013 12:12:16 +0100
|
|
|
4a9614 |
Subject: [PATCH] Makefile: add -Werror=format-security
|
|
|
4a9614 |
MIME-Version: 1.0
|
|
|
4a9614 |
Content-Type: text/plain; charset=UTF-8
|
|
|
4a9614 |
Content-Transfer-Encoding: 8bit
|
|
|
4a9614 |
|
|
|
4a9614 |
-Wformat-security
|
|
|
4a9614 |
If -Wformat is specified, also warn about uses of format
|
|
|
4a9614 |
functions that represent possible security problems. At
|
|
|
4a9614 |
present, this warns about calls to printf and scanf functions
|
|
|
4a9614 |
where the format string is not a string literal and there are
|
|
|
4a9614 |
no format arguments, as in printf (foo);. This may be a
|
|
|
4a9614 |
security hole if the format string came from untrusted input
|
|
|
4a9614 |
and contains ā%nā. (This is currently a subset of what
|
|
|
4a9614 |
-Wformat-nonliteral warns about, but in future warnings may be
|
|
|
4a9614 |
added to -Wformat-security that are not included in
|
|
|
4a9614 |
-Wformat-nonliteral.)
|
|
|
4a9614 |
|
|
|
4a9614 |
Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com>
|
|
|
4a9614 |
---
|
|
|
4a9614 |
Makefile | 2 +-
|
|
|
4a9614 |
src/ipfilter.c | 2 +-
|
|
|
4a9614 |
src/othptab.c | 4 ++--
|
|
|
4a9614 |
3 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
4a9614 |
|
|
|
4a9614 |
diff --git a/Makefile b/Makefile
|
|
|
4a9614 |
index 46e5632e3287..958b0fbeec0f 100644
|
|
|
4a9614 |
--- a/Makefile
|
|
|
4a9614 |
+++ b/Makefile
|
|
|
4a9614 |
@@ -18,7 +18,7 @@ VERSION-FILE: FORCE
|
|
|
4a9614 |
@$(SHELL_PATH) ./GEN-VERSION-FILE
|
|
|
4a9614 |
-include VERSION-FILE
|
|
|
4a9614 |
|
|
|
4a9614 |
-CFLAGS = -g -O2 -Wall -W -std=gnu99
|
|
|
4a9614 |
+CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security
|
|
|
4a9614 |
LDFLAGS =
|
|
|
4a9614 |
ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS)
|
|
|
4a9614 |
ALL_LDFLAGS = $(LDFLAGS)
|
|
|
4a9614 |
diff --git a/src/ipfilter.c b/src/ipfilter.c
|
|
|
4a9614 |
index eb17ec7c7615..8c76e4c801c2 100644
|
|
|
4a9614 |
--- a/src/ipfilter.c
|
|
|
4a9614 |
+++ b/src/ipfilter.c
|
|
|
4a9614 |
@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask,
|
|
|
4a9614 |
snprintf(msgstr, 60,
|
|
|
4a9614 |
"Invalid protocol input at or near token \"%s\"",
|
|
|
4a9614 |
bptr);
|
|
|
4a9614 |
- tui_error(ANYKEY_MSG, msgstr);
|
|
|
4a9614 |
+ tui_error(ANYKEY_MSG, "%s", msgstr);
|
|
|
4a9614 |
doagain = 1;
|
|
|
4a9614 |
} else
|
|
|
4a9614 |
doagain = 0;
|
|
|
4a9614 |
diff --git a/src/othptab.c b/src/othptab.c
|
|
|
4a9614 |
index 5c09241fca99..e23f39e5df45 100644
|
|
|
4a9614 |
--- a/src/othptab.c
|
|
|
4a9614 |
+++ b/src/othptab.c
|
|
|
4a9614 |
@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
|
|
|
4a9614 |
break;
|
|
|
4a9614 |
}
|
|
|
4a9614 |
|
|
|
4a9614 |
- sprintf(scratchpad, rarp_mac_addr);
|
|
|
4a9614 |
+ sprintf(scratchpad, "%s", rarp_mac_addr);
|
|
|
4a9614 |
strcat(msgstring, scratchpad);
|
|
|
4a9614 |
wattrset(table->othpwin, ARPATTR);
|
|
|
4a9614 |
break;
|
|
|
4a9614 |
@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
|
|
|
4a9614 |
wattrset(table->othpwin, UNKNIPATTR);
|
|
|
4a9614 |
protptr = getprotobynumber(entry->protocol);
|
|
|
4a9614 |
if (protptr != NULL) {
|
|
|
4a9614 |
- sprintf(protname, protptr->p_aliases[0]);
|
|
|
4a9614 |
+ sprintf(protname, "%s", protptr->p_aliases[0]);
|
|
|
4a9614 |
} else {
|
|
|
4a9614 |
sprintf(protname, "IP protocol");
|
|
|
4a9614 |
unknown = 1;
|
|
|
4a9614 |
--
|
|
|
4a9614 |
1.8.3.2
|
|
|
4a9614 |
|