From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs@redhat.com>
From: Nikola Pajkovsky <npajkovs@redhat.com>
Date: Tue, 3 Dec 2013 12:12:16 +0100
Subject: [PATCH] Makefile: add -Werror=format-security
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-Wformat-security
If -Wformat is specified, also warn about uses of format
functions that represent possible security problems. At
present, this warns about calls to printf and scanf functions
where the format string is not a string literal and there are
no format arguments, as in printf (foo);. This may be a
security hole if the format string came from untrusted input
and contains ā%nā. (This is currently a subset of what
-Wformat-nonliteral warns about, but in future warnings may be
added to -Wformat-security that are not included in
-Wformat-nonliteral.)
Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com>
---
Makefile | 2 +-
src/ipfilter.c | 2 +-
src/othptab.c | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 46e5632e3287..958b0fbeec0f 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@ VERSION-FILE: FORCE
@$(SHELL_PATH) ./GEN-VERSION-FILE
-include VERSION-FILE
-CFLAGS = -g -O2 -Wall -W -std=gnu99
+CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security
LDFLAGS =
ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS)
ALL_LDFLAGS = $(LDFLAGS)
diff --git a/src/ipfilter.c b/src/ipfilter.c
index eb17ec7c7615..8c76e4c801c2 100644
--- a/src/ipfilter.c
+++ b/src/ipfilter.c
@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask,
snprintf(msgstr, 60,
"Invalid protocol input at or near token \"%s\"",
bptr);
- tui_error(ANYKEY_MSG, msgstr);
+ tui_error(ANYKEY_MSG, "%s", msgstr);
doagain = 1;
} else
doagain = 0;
diff --git a/src/othptab.c b/src/othptab.c
index 5c09241fca99..e23f39e5df45 100644
--- a/src/othptab.c
+++ b/src/othptab.c
@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
break;
}
- sprintf(scratchpad, rarp_mac_addr);
+ sprintf(scratchpad, "%s", rarp_mac_addr);
strcat(msgstring, scratchpad);
wattrset(table->othpwin, ARPATTR);
break;
@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
wattrset(table->othpwin, UNKNIPATTR);
protptr = getprotobynumber(entry->protocol);
if (protptr != NULL) {
- sprintf(protname, protptr->p_aliases[0]);
+ sprintf(protname, "%s", protptr->p_aliases[0]);
} else {
sprintf(protname, "IP protocol");
unknown = 1;
--
1.8.3.2