1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
From 07891e8fcf692552c57e64429fd52da9e682f6d2 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Sat, 22 Jul 2017 16:38:03 -0400
Subject: [PATCH 1/1] src/queue.c: fix format-security warnings with explicit
"%s" format string.
The syslog() function takes as its second argument a format string (a
la printf), but if the third parameter is a string, then the format
string can be omitted. This has led to security vulnerabilities in the
past, and compilers can now warn about it. In particular, GCC has the
-Wformat-security option, which can be made an error with
-Werror=format-security.
A few such two-argument calls were present in src/queue.c, where
constant strings were being logged to syslog. This commit adds the
second format string parameter (simply "%s" in this case) to avoid the
compiler warnings.
More information about format-security can be found in Fedora's FAQ:
https://fedoraproject.org/wiki/Format-Security-FAQ
---
src/queue.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/queue.c b/src/queue.c
index 8cb7445..50bb519 100644
--- a/src/queue.c
+++ b/src/queue.c
@@ -50,7 +50,7 @@ void del_queue() {
struct msqid_ds buf;
if (msgctl(queue_id,IPC_RMID,&buf) < 0) {
- syslog(LOG_ERR,"Error: queue remove error.\n");
+ syslog(LOG_ERR, "%s", "Error: queue remove error.\n");
}
}
@@ -58,7 +58,7 @@ int get_queue_id(int id) {
key_t key = ftok(NDO_QUEUE_PATH, NDO_QUEUE_ID+id);
if ((queue_id = msgget(key, IPC_CREAT | 0600)) < 0) {
- syslog(LOG_ERR,"Error: queue init error.\n");
+ syslog(LOG_ERR, "%s", "Error: queue init error.\n");
}
}
@@ -99,7 +99,7 @@ void log_retry( void) {
if(msgctl(queue_id, IPC_STAT, &queue_stats)) {
sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_STAT: %d", errno);
sprintf(logmsg, logfmt, curstats);
- syslog(LOG_ERR, logmsg);
+ syslog(LOG_ERR, "%s", logmsg);
}
else {
#if defined( __linux__)
@@ -108,24 +108,24 @@ void log_retry( void) {
if( msgmni < 0) {
sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_INFO: %d", errno);
sprintf(logmsg, logfmt, curstats);
- syslog(LOG_ERR, logmsg);
+ syslog(LOG_ERR, "%s", logmsg);
}
else {
sprintf(curstats, statsfmt, queue_stats.msg_qnum,
(unsigned long)msgmni, queue_stats.__msg_cbytes,
queue_stats.msg_qbytes);
sprintf(logmsg, logfmt, curstats);
- syslog(LOG_ERR, logmsg);
+ syslog(LOG_ERR, "%s", logmsg);
}
#else
sprintf(logmsg, logfmt, "");
- syslog(LOG_ERR, logmsg);
+ syslog(LOG_ERR, "%s", logmsg);
#endif
}
last_retry_log_time = now;
}
else {
- syslog(LOG_ERR,"Warning: queue send error, retrying...\n");
+ syslog(LOG_ERR, "%s", "Warning: queue send error, retrying...\n");
}
}
@@ -155,14 +155,14 @@ void push_into_queue (char* buf) {
#endif
}
if (retrynum < MAX_RETRIES) {
- syslog(LOG_ERR,"Message sent to queue.\n");
+ syslog(LOG_ERR, "%s", "Message sent to queue.\n");
}
else {
- syslog(LOG_ERR,"Error: max retries exceeded sending message to queue. Kernel queue parameters may need to be tuned. See README.\n");
+ syslog(LOG_ERR, "%s", "Error: max retries exceeded sending message to queue. Kernel queue parameters may need to be tuned. See README.\n");
}
}
else {
- syslog(LOG_ERR,"Error: queue send error.\n");
+ syslog(LOG_ERR, "%s", "Error: queue send error.\n");
}
}
@@ -175,7 +175,7 @@ char* pop_from_queue() {
zero_string(msg.text, NDO_MAX_MSG_SIZE);
if (msgrcv(queue_id, &msg, queue_buff_size, NDO_MSG_TYPE, MSG_NOERROR) < 0) {
- syslog(LOG_ERR,"Error: queue recv error.\n");
+ syslog(LOG_ERR, "%s", "Error: queue recv error.\n");
}
int size = strlen(msg.text);
--
2.13.0
|