Discussion:
[PATCH 1/1] Fix compilation when -Werror=format-security is enabled for GCC
Add Reply
Eduardas Meile
2018-11-19 09:02:45 UTC
Reply
Permalink
The -Werror=format-security flag is applied by default in Yocto 2.6 Thud
release. The fixes applied are as recommended here:
https://fedoraproject.org/wiki/Format-Security-FAQ
---
toys/pending/fsck.c | 2 +-
toys/pending/getty.c | 4 ++--
toys/pending/test.c | 4 ++--
toys/pending/tftp.c | 2 +-
toys/pending/tftpd.c | 4 ++--
5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/toys/pending/fsck.c b/toys/pending/fsck.c
index 723f77d..b11d90f 100644
--- a/toys/pending/fsck.c
+++ b/toys/pending/fsck.c
@@ -223,7 +223,7 @@ static void do_fsck(struct f_sys_info *finfo)
return;
} else {
if ((pid = fork()) < 0) {
- perror_msg(args[0]);
+ perror_msg("%s", args[0]);
for (j=0;j<i;j++) free(args[i]);
free(args);
return;
diff --git a/toys/pending/getty.c b/toys/pending/getty.c
index 25d04ea..edada96 100644
--- a/toys/pending/getty.c
+++ b/toys/pending/getty.c
@@ -279,7 +279,7 @@ static void utmp_entry(void)
time((time_t *)&entry.ut_time);
xstrncpy(entry.ut_user, "LOGIN", UT_NAMESIZE);
if (strlen(TT.host_str) > UT_HOSTSIZE)
- perror_msg(utmperr);
+ perror_msg("%s", utmperr);
else xstrncpy(entry.ut_host, TT.host_str, UT_HOSTSIZE);
setutent();
pututline(&entry);
@@ -288,7 +288,7 @@ static void utmp_entry(void)
xstrncpy(entry.ut_line, ttyname(STDIN_FILENO) + strlen("/dev/"), UT_LINESIZE);
xstrncpy(entry.ut_user, "LOGIN", UT_NAMESIZE);
if (strlen(TT.host_str) > UT_HOSTSIZE)
- perror_msg(utmperr);
+ perror_msg("%s", utmperr);
else xstrncpy(entry.ut_host, TT.host_str, UT_HOSTSIZE);
time((time_t *)&entry.ut_time);
setutent();
diff --git a/toys/pending/test.c b/toys/pending/test.c
index e64ebf1..886947c 100644
--- a/toys/pending/test.c
+++ b/toys/pending/test.c
@@ -149,7 +149,7 @@ int test_sub(int optb, int opte)
if (optb + i == opte || !strcmp("-a", toys.optargs[optb + i])
|| !strcmp("-o", toys.optargs[optb + i])) break;
}
- if (i == 4) error_exit(err_syntax);
+ if (i == 4) error_exit("%s", err_syntax);
expr = not ^ test_basic(optb, optb + i);
optb += i;
}
@@ -166,7 +166,7 @@ int test_sub(int optb, int opte)
and = and && expr;
optb++;
}
- else error_exit(err_syntax);
+ else error_exit("%s", err_syntax);
}
}

diff --git a/toys/pending/tftp.c b/toys/pending/tftp.c
index 30ebe81..c47101b 100644
--- a/toys/pending/tftp.c
+++ b/toys/pending/tftp.c
@@ -328,7 +328,7 @@ static int file_get(void)
TFTP_ES_UNKID, TFTP_ES_EXISTS,
TFTP_ES_UNKUSER, TFTP_ES_NEGOTIATE};
if (rblockno && (rblockno < 9)) message = arr[rblockno - 1];
- error_msg(message);
+ error_msg("%s", message);
}
else if (blockno == 1 && opcode == TFTP_OP_OACK) {
len = mkpkt_ack(packet, 0);
diff --git a/toys/pending/tftpd.c b/toys/pending/tftpd.c
index 806326e..9f1859a 100644
--- a/toys/pending/tftpd.c
+++ b/toys/pending/tftpd.c
@@ -77,7 +77,7 @@ static char *g_errpkt = toybuf + TFTPD_BLKSIZE;
static void send_errpkt(struct sockaddr *dstaddr,
socklen_t socklen, char *errmsg)
{
- error_msg(errmsg);
+ error_msg("%s", errmsg);
g_errpkt[1] = TFTPD_OP_ERR;
strcpy(g_errpkt + 4, errmsg);
if (sendto(TT.sfd, g_errpkt, strlen(errmsg)+5, 0, dstaddr, socklen) < 0)
@@ -196,7 +196,7 @@ POLL_INPUT:
"No such user", "Terminate transfer due to option negotiation"};

if (rblockno && (rblockno < 9)) message = arr[rblockno - 1];
- error_msg(message);
+ error_msg("%s", message);
break; // Break the for loop.
}
--
2.17.1
Rob Landley
2018-11-19 16:58:43 UTC
Reply
Permalink
Post by Eduardas Meile
The -Werror=format-security flag is applied by default in Yocto 2.6 Thud
https://fedoraproject.org/wiki/Format-Security-FAQ
We have _raw version of those functions which don't parse the string, I'll
switch these over.

I also note that code in pending is not necessarily production quality yet:

https://github.com/landley/toybox/blob/master/toys/pending/README

Thanks,

Rob

Loading...