From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001 Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs@redhat.com> From: Nikola Pajkovsky Date: Tue, 3 Dec 2013 12:12:16 +0100 Subject: [PATCH] Makefile: add -Werror=format-security MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Wformat-security If -Wformat is specified, also warn about uses of format functions that represent possible security problems. At present, this warns about calls to printf and scanf functions where the format string is not a string literal and there are no format arguments, as in printf (foo);. This may be a security hole if the format string came from untrusted input and contains ā€˜%nā€™. (This is currently a subset of what -Wformat-nonliteral warns about, but in future warnings may be added to -Wformat-security that are not included in -Wformat-nonliteral.) Signed-off-by: Nikola Pajkovsky --- Makefile | 2 +- src/ipfilter.c | 2 +- src/othptab.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 46e5632e3287..958b0fbeec0f 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ VERSION-FILE: FORCE @$(SHELL_PATH) ./GEN-VERSION-FILE -include VERSION-FILE -CFLAGS = -g -O2 -Wall -W -std=gnu99 +CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security LDFLAGS = ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS) ALL_LDFLAGS = $(LDFLAGS) diff --git a/src/ipfilter.c b/src/ipfilter.c index eb17ec7c7615..8c76e4c801c2 100644 --- a/src/ipfilter.c +++ b/src/ipfilter.c @@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask, snprintf(msgstr, 60, "Invalid protocol input at or near token \"%s\"", bptr); - tui_error(ANYKEY_MSG, msgstr); + tui_error(ANYKEY_MSG, "%s", msgstr); doagain = 1; } else doagain = 0; diff --git a/src/othptab.c b/src/othptab.c index 5c09241fca99..e23f39e5df45 100644 --- a/src/othptab.c +++ b/src/othptab.c @@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry, break; } - sprintf(scratchpad, rarp_mac_addr); + sprintf(scratchpad, "%s", rarp_mac_addr); strcat(msgstring, scratchpad); wattrset(table->othpwin, ARPATTR); break; @@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry, wattrset(table->othpwin, UNKNIPATTR); protptr = getprotobynumber(entry->protocol); if (protptr != NULL) { - sprintf(protname, protptr->p_aliases[0]); + sprintf(protname, "%s", protptr->p_aliases[0]); } else { sprintf(protname, "IP protocol"); unknown = 1; -- 1.8.3.2