Blob Blame History Raw
From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs@redhat.com>
From: Nikola Pajkovsky <npajkovs@redhat.com>
Date: Tue, 3 Dec 2013 12:12:16 +0100
Subject: [PATCH] Makefile: add -Werror=format-security
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

-Wformat-security
        If -Wformat is specified, also warn about uses of format
        functions that represent possible security problems. At
        present, this warns about calls to printf and scanf functions
        where the format string is not a string literal and there are
        no format arguments, as in printf (foo);. This may be a
        security hole if the format string came from untrusted input
        and contains ā€˜%nā€™. (This is currently a subset of what
        -Wformat-nonliteral warns about, but in future warnings may be
        added to -Wformat-security that are not included in
        -Wformat-nonliteral.)

Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com>
---
 Makefile       | 2 +-
 src/ipfilter.c | 2 +-
 src/othptab.c  | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 46e5632e3287..958b0fbeec0f 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@ VERSION-FILE: FORCE
 	@$(SHELL_PATH) ./GEN-VERSION-FILE
 -include VERSION-FILE
 
-CFLAGS = -g -O2 -Wall -W -std=gnu99
+CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security
 LDFLAGS =
 ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS)
 ALL_LDFLAGS = $(LDFLAGS)
diff --git a/src/ipfilter.c b/src/ipfilter.c
index eb17ec7c7615..8c76e4c801c2 100644
--- a/src/ipfilter.c
+++ b/src/ipfilter.c
@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask,
 				snprintf(msgstr, 60,
 					 "Invalid protocol input at or near token \"%s\"",
 					 bptr);
-				tui_error(ANYKEY_MSG, msgstr);
+				tui_error(ANYKEY_MSG, "%s", msgstr);
 				doagain = 1;
 			} else
 				doagain = 0;
diff --git a/src/othptab.c b/src/othptab.c
index 5c09241fca99..e23f39e5df45 100644
--- a/src/othptab.c
+++ b/src/othptab.c
@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
 				break;
 			}
 
-			sprintf(scratchpad, rarp_mac_addr);
+			sprintf(scratchpad, "%s", rarp_mac_addr);
 			strcat(msgstring, scratchpad);
 			wattrset(table->othpwin, ARPATTR);
 			break;
@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
 		wattrset(table->othpwin, UNKNIPATTR);
 		protptr = getprotobynumber(entry->protocol);
 		if (protptr != NULL) {
-			sprintf(protname, protptr->p_aliases[0]);
+			sprintf(protname, "%s", protptr->p_aliases[0]);
 		} else {
 			sprintf(protname, "IP protocol");
 			unknown = 1;
-- 
1.8.3.2