80 lines
2.8 KiB
Diff
80 lines
2.8 KiB
Diff
From 202b2e7b27a159d54a525b0cfd366b8d52d5a3a1 Mon Sep 17 00:00:00 2001
|
||
Message-Id: <202b2e7b27a159d54a525b0cfd366b8d52d5a3a1.1386069831.git.npajkovs@redhat.com>
|
||
From: Nikola Pajkovsky <npajkovs@redhat.com>
|
||
Date: Tue, 3 Dec 2013 12:12:16 +0100
|
||
Subject: [PATCH] Makefile: add -Werror=format-security
|
||
MIME-Version: 1.0
|
||
Content-Type: text/plain; charset=UTF-8
|
||
Content-Transfer-Encoding: 8bit
|
||
|
||
-Wformat-security
|
||
If -Wformat is specified, also warn about uses of format
|
||
functions that represent possible security problems. At
|
||
present, this warns about calls to printf and scanf functions
|
||
where the format string is not a string literal and there are
|
||
no format arguments, as in printf (foo);. This may be a
|
||
security hole if the format string came from untrusted input
|
||
and contains ‘%n’. (This is currently a subset of what
|
||
-Wformat-nonliteral warns about, but in future warnings may be
|
||
added to -Wformat-security that are not included in
|
||
-Wformat-nonliteral.)
|
||
|
||
Signed-off-by: Nikola Pajkovsky <npajkovs@redhat.com>
|
||
---
|
||
Makefile | 2 +-
|
||
src/ipfilter.c | 2 +-
|
||
src/othptab.c | 4 ++--
|
||
3 files changed, 4 insertions(+), 4 deletions(-)
|
||
|
||
diff --git a/Makefile b/Makefile
|
||
index 46e5632e3287..958b0fbeec0f 100644
|
||
--- a/Makefile
|
||
+++ b/Makefile
|
||
@@ -18,7 +18,7 @@ VERSION-FILE: FORCE
|
||
@$(SHELL_PATH) ./GEN-VERSION-FILE
|
||
-include VERSION-FILE
|
||
|
||
-CFLAGS = -g -O2 -Wall -W -std=gnu99
|
||
+CFLAGS = -g -O2 -Wall -W -std=gnu99 -Werror=format-security
|
||
LDFLAGS =
|
||
ALL_CFLAGS = $(CPPFLAGS) $(CFLAGS)
|
||
ALL_LDFLAGS = $(LDFLAGS)
|
||
diff --git a/src/ipfilter.c b/src/ipfilter.c
|
||
index eb17ec7c7615..8c76e4c801c2 100644
|
||
--- a/src/ipfilter.c
|
||
+++ b/src/ipfilter.c
|
||
@@ -146,7 +146,7 @@ void gethostparams(struct hostparams *data, char *init_saddr, char *init_smask,
|
||
snprintf(msgstr, 60,
|
||
"Invalid protocol input at or near token \"%s\"",
|
||
bptr);
|
||
- tui_error(ANYKEY_MSG, msgstr);
|
||
+ tui_error(ANYKEY_MSG, "%s", msgstr);
|
||
doagain = 1;
|
||
} else
|
||
doagain = 0;
|
||
diff --git a/src/othptab.c b/src/othptab.c
|
||
index 5c09241fca99..e23f39e5df45 100644
|
||
--- a/src/othptab.c
|
||
+++ b/src/othptab.c
|
||
@@ -407,7 +407,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
|
||
break;
|
||
}
|
||
|
||
- sprintf(scratchpad, rarp_mac_addr);
|
||
+ sprintf(scratchpad, "%s", rarp_mac_addr);
|
||
strcat(msgstring, scratchpad);
|
||
wattrset(table->othpwin, ARPATTR);
|
||
break;
|
||
@@ -482,7 +482,7 @@ void printothpentry(struct othptable *table, struct othptabent *entry,
|
||
wattrset(table->othpwin, UNKNIPATTR);
|
||
protptr = getprotobynumber(entry->protocol);
|
||
if (protptr != NULL) {
|
||
- sprintf(protname, protptr->p_aliases[0]);
|
||
+ sprintf(protname, "%s", protptr->p_aliases[0]);
|
||
} else {
|
||
sprintf(protname, "IP protocol");
|
||
unknown = 1;
|
||
--
|
||
1.8.3.2
|
||
|