rpms/iptraf-ng
6
0
Fork 0
Code Issues Pull Requests Releases Activity

iptraf-ng-1.1.4-4

Browse Source 
Fedora start using -Werror=format-security and iptraf-ng had some
parts where error compilation was trigged.

202b2e7b27a1 Makefile: add -Werror=format-security

Resolved: #1037133

Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com>
This commit is contained in:
Nikola Pajkovsky 2013-12-03 12:40:20 +01:00
parent f7284826d5
commit 9acb648adc
2 changed files with 93 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
0002-Makefile-add-Werror-format-security.patch Normal file
View File

@ -0,0 +1,79 @@
From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs@redhat.com>
From: Nikola Pajkovsky <npajkovs@redhat.com>
Date: Tue, 3 Dec 2013 12:12:16 +0100
Subject: [PATCH] Makefile: add -Werror=format-security
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-Wformat-security
If -Wformat is specified, also warn about uses of format
functions that represent possible security problems. At
present, this warns about calls to printf and scanf functions
where the format string is not a string literal and there are
no format arguments, as in printf (foo);. This may be a
security hole if the format string came from untrusted input
and contains %n. (This is currently a subset of what
-Wformat-nonliteral warns about, but in future warnings may be
added to -Wformat-security that are not included in
-Wformat-nonliteral.)
Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com>
---
Makefile | 2 +-
src/ipfilter.c | 2 +-
src/othptab.c | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 46e5632e3287..958b0fbeec0f 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@ VERSION-FILE: FORCE
@$(SHELL_PATH) ./GEN-VERSION-FILE
-include VERSION-FILE
-CFLAGS = -g -O2 -Wall -W -std=gnu99
+CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security
LDFLAGS =
ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS)
ALL_LDFLAGS = $(LDFLAGS)
diff --git a/src/ipfilter.c b/src/ipfilter.c
index eb17ec7c7615..8c76e4c801c2 100644
--- a/src/ipfilter.c
+++ b/src/ipfilter.c
@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask,
snprintf(msgstr, 60,
"Invalid protocol input at or near token \"%s\"",
bptr);
- tui_error(ANYKEY_MSG, msgstr);
+ tui_error(ANYKEY_MSG, "%s", msgstr);
doagain = 1;
} else
doagain = 0;
diff --git a/src/othptab.c b/src/othptab.c
index 5c09241fca99..e23f39e5df45 100644
--- a/src/othptab.c
+++ b/src/othptab.c
@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
break;
}
- sprintf(scratchpad, rarp_mac_addr);
+ sprintf(scratchpad, "%s", rarp_mac_addr);
strcat(msgstring, scratchpad);
wattrset(table->othpwin, ARPATTR);
break;
@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
wattrset(table->othpwin, UNKNIPATTR);
protptr = getprotobynumber(entry->protocol);
if (protptr != NULL) {
- sprintf(protname, protptr->p_aliases[0]);
+ sprintf(protname, "%s", protptr->p_aliases[0]);
} else {
sprintf(protname, "IP protocol");
unknown = 1;
--
1.8.3.2

16
iptraf-ng.spec
View File

@ -1,7 +1,7 @@
Summary: A console-based network monitoring utility Summary: A console-based network monitoring utility
Name: iptraf-ng Name: iptraf-ng
Version: 1.1.4 Version: 1.1.4
Release: 3%{?dist} Release: 4%{?dist}
Source0: https://fedorahosted.org/releases/i/p/iptraf-ng/%{name}-%{version}.tar.gz Source0: https://fedorahosted.org/releases/i/p/iptraf-ng/%{name}-%{version}.tar.gz
Source1: iptraf-ng-logrotate.conf Source1: iptraf-ng-logrotate.conf
URL: https://fedorahosted.org/iptraf-ng/ URL: https://fedorahosted.org/iptraf-ng/
@ -11,6 +11,7 @@ BuildRequires: ncurses-devel
Obsoletes: iptraf < 3.1 Obsoletes: iptraf < 3.1
Provides: iptraf = 3.1 Provides: iptraf = 3.1
Patch01: 0001-BUGFIX-fix-Floating-point-exception-in-tcplog_flowra.patch Patch01: 0001-BUGFIX-fix-Floating-point-exception-in-tcplog_flowra.patch
Patch02: 0002-Makefile-add-Werror-format-security.patch
%description %description
IPTraf-ng is a console-based network monitoring utility. IPTraf gathers IPTraf-ng is a console-based network monitoring utility. IPTraf gathers
@ -33,9 +34,10 @@ on a wide variety of supported network cards.
%prep %prep
%setup -q %setup -q
%patch01 -p1 %patch01 -p1
%patch02 -p1
%build %build
make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 %{optflags}" make %{?_smp_mflags} V=1 CFLAGS="-g -O2 -Wall -W -std=gnu99 -Werror=format-security %{optflags}"
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
@ -66,6 +68,16 @@ rm -rf %{buildroot}
%config(noreplace) %{_sysconfdir}/logrotate.d/iptraf-ng %config(noreplace) %{_sysconfdir}/logrotate.d/iptraf-ng
%changelog %changelog
* Tue Dec 03 2013 Nikola Pajkovsky <npajkovs@redhat.com> - 1.1.4-4
- iptraf-ng-1.1.4-4
Fedora start using -Werror=format-security and iptraf-ng had some
parts where error compilation was trigged.
202b2e7b27a1 Makefile: add -Werror=format-security
Resolved: #1037133
* Mon Sep 02 2013 Nikola Pajkovsky <npajkovs@redhat.com> - 1.1.4-3 * Mon Sep 02 2013 Nikola Pajkovsky <npajkovs@redhat.com> - 1.1.4-3
- 9b32013 BUGFIX: fix "Floating point exception" in tcplog_flowrate_msg() (Vitezslav Samel) - 9b32013 BUGFIX: fix "Floating point exception" in tcplog_flowrate_msg() (Vitezslav Samel)