freeipmi-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Freeipmi-devel] [bug #36591] error: format not a string literal and no

From: Yaroslav Halchenko
Subject: [Freeipmi-devel] [bug #36591] error: format not a string literal and no format arguments [-Werror=format-security]
Date: Tue, 05 Jun 2012 01:00:01 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20100101 Firefox/10.0.4 Iceweasel/10.0.4 
URL:
  <http://savannah.gnu.org/bugs/?36591>

                 Summary: error: format not a string literal and no format
arguments [-Werror=format-security]
                 Project: GNU FreeIPMI
            Submitted by: yoh
            Submitted on: Tue 05 Jun 2012 01:00:00 AM GMT
                Category: None
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: GNU/Linux

    _______________________________________________________

Details:

There is an ongoing effort
http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags
to provide "hardened" builds of the software for Debian.  so I have tried to
build freeipmi with suggested flags and ran into:

/bin/sh ../../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
-I../../config  -D_GNU_SOURCE -D_REENTRANT -D_FORTIFY_SOURCE=2  -g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -c -o libmiscutil_la-conffile.lo `test -f 'conffile.c'
|| echo './'`conffile.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../config -D_GNU_SOURCE
-D_REENTRANT -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
-c conffile.c
-fPIC -DPIC -o .libs/libmiscutil_la-conffile.o
conffile.c: In function ‘conffile_errmsg’:
conffile.c:152:23: error: format not a string literal and no format arguments
[-Werror=format-security]
conffile.c:152:23: error: format not a string literal and no format arguments
[-Werror=format-security]
conffile.c:155:23: error: format not a string literal and no format arguments
[-Werror=format-security]
conffile.c:155:23: error: format not a string literal and no format arguments
[-Werror=format-security]
conffile.c:159:23: error: format not a string literal and no format arguments
[-Werror=format-security]
conffile.c:159:23: error: format not a string literal and no format arguments
[-Werror=format-security]
conffile.c:179:23: error: format not a string literal and no format arguments
[-Werror=format-security]
conffile.c:179:23: error: format not a string literal and no format arguments
[-Werror=format-security]
cc1: some warnings being treated as errors
make[3]: *** [libmiscutil_la-conffile.lo] Error 1
...

which are due to the use of snprintf in the scenario where format string is
not actually especting any format options.

Here is few other locations of similar uses:

util/ipmi-device-types-util.c:58:3: error: format not a string literal and no
format arguments [-Werror=format-security]
util/ipmi-sensor-and-event-code-tables-util.c:1111:3: error: format not a
string literal and no format arguments [-Werror=format-security]
util/ipmi-sensor-util.c:67:3: error: format not a string literal and no format
arguments [-Werror=format-security]






    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?36591>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]