summaryrefslogtreecommitdiff
blob: 75be7dc32103f17b7462f6b07abc5b028eef72f6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
From 07891e8fcf692552c57e64429fd52da9e682f6d2 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Sat, 22 Jul 2017 16:38:03 -0400
Subject: [PATCH 1/1] src/queue.c: fix format-security warnings with explicit
 "%s" format string.

The syslog() function takes as its second argument a format string (a
la printf), but if the third parameter is a string, then the format
string can be omitted. This has led to security vulnerabilities in the
past, and compilers can now warn about it. In particular, GCC has the
-Wformat-security option, which can be made an error with
-Werror=format-security.

A few such two-argument calls were present in src/queue.c, where
constant strings were being logged to syslog. This commit adds the
second format string parameter (simply "%s" in this case) to avoid the
compiler warnings.

More information about format-security can be found in Fedora's FAQ:

  https://fedoraproject.org/wiki/Format-Security-FAQ
---
 src/queue.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/queue.c b/src/queue.c
index 8cb7445..50bb519 100644
--- a/src/queue.c
+++ b/src/queue.c
@@ -50,7 +50,7 @@ void del_queue() {
 	struct msqid_ds buf;
 
 	if (msgctl(queue_id,IPC_RMID,&buf) < 0) {
-		syslog(LOG_ERR,"Error: queue remove error.\n");
+		syslog(LOG_ERR, "%s", "Error: queue remove error.\n");
 	}
 }
 
@@ -58,7 +58,7 @@ int get_queue_id(int id) {
 	key_t key = ftok(NDO_QUEUE_PATH, NDO_QUEUE_ID+id);
 
 	if ((queue_id = msgget(key, IPC_CREAT | 0600)) < 0) {
-		syslog(LOG_ERR,"Error: queue init error.\n");
+		syslog(LOG_ERR, "%s", "Error: queue init error.\n");
 	}
 }
 
@@ -99,7 +99,7 @@ void log_retry( void) {
 		if(msgctl(queue_id, IPC_STAT, &queue_stats)) {
 			sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_STAT: %d", errno);
 			sprintf(logmsg, logfmt, curstats);
-			syslog(LOG_ERR, logmsg);
+			syslog(LOG_ERR, "%s", logmsg);
 			}
 		else {
 #if defined( __linux__)
@@ -108,24 +108,24 @@ void log_retry( void) {
 			if( msgmni < 0) {
 				sprintf(curstats, "Unable to determine current message queue usage: error reading IPC_INFO: %d", errno);
 				sprintf(logmsg, logfmt, curstats);
-				syslog(LOG_ERR, logmsg);
+				syslog(LOG_ERR, "%s", logmsg);
 				}
 			else {
 				sprintf(curstats, statsfmt, queue_stats.msg_qnum,
 						(unsigned long)msgmni, queue_stats.__msg_cbytes,
 						queue_stats.msg_qbytes);
 				sprintf(logmsg, logfmt, curstats);
-				syslog(LOG_ERR, logmsg);
+				syslog(LOG_ERR, "%s", logmsg);
 				}
 #else
 			sprintf(logmsg, logfmt, "");
-			syslog(LOG_ERR, logmsg);
+			syslog(LOG_ERR, "%s", logmsg);
 #endif
 			}
 		last_retry_log_time = now;
 		}
 	else {
-		syslog(LOG_ERR,"Warning: queue send error, retrying...\n");
+		syslog(LOG_ERR, "%s", "Warning: queue send error, retrying...\n");
 		}
 }
 
@@ -155,14 +155,14 @@ void push_into_queue (char* buf) {
 					#endif
 				}
 				if (retrynum < MAX_RETRIES) {
-					syslog(LOG_ERR,"Message sent to queue.\n");
+					syslog(LOG_ERR, "%s", "Message sent to queue.\n");
 					}
 				else {
-					syslog(LOG_ERR,"Error: max retries exceeded sending message to queue. Kernel queue parameters may need to be tuned. See README.\n");
+					syslog(LOG_ERR, "%s", "Error: max retries exceeded sending message to queue. Kernel queue parameters may need to be tuned. See README.\n");
 				}
 			}
 		else {
-			syslog(LOG_ERR,"Error: queue send error.\n");
+			syslog(LOG_ERR, "%s", "Error: queue send error.\n");
 			}
 		}
 
@@ -175,7 +175,7 @@ char* pop_from_queue() {
 	zero_string(msg.text, NDO_MAX_MSG_SIZE);
 
 	if (msgrcv(queue_id, &msg, queue_buff_size, NDO_MSG_TYPE, MSG_NOERROR) < 0) {
-		syslog(LOG_ERR,"Error: queue recv error.\n");
+		syslog(LOG_ERR, "%s", "Error: queue recv error.\n");
 	}
 
 	int size = strlen(msg.text);
-- 
2.13.0