Package: lsb-appchk3
Version: 3.2.2-1
Severity: normal
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu jaunty ubuntu-patch

Hi,

The slightly stricter compiler in Ubuntu picked up two issues with your package.

Firstly there is a missing stdlib.h inclusion, so NULL isn't defined for that file. If the compiler is stricter about header inclusion then this causes a build failure.

The other is two instances of directly printing the value of a string literal without using a format string. This can be a security vulnerability if an attacker can control the value, but is more usually just a programming issue as it can cause crashes depending on the value of the string.

The attached patch fixes both issues, please consider applying it.

Thanks,

James

diff -u lsb-appchk3-3.2.2/tests/misc/appchk/appchk.c lsb-appchk3-3.2.2/tests/misc/appchk/appchk.c --- lsb-appchk3-3.2.2/tests/misc/appchk/appchk.c +++ lsb-appchk3-3.2.2/tests/misc/appchk/appchk.c @@ -329,7 +329,7 @@ } break; case 'o': - snprintf(output_filename, TMP_STRING_SIZE, optarg); + snprintf(output_filename, TMP_STRING_SIZE, "%s", optarg); break; case 'j': do_journal = 1; @@ -341,7 +341,7 @@ do_missing_symbol = 1; break; case 'l': - snprintf(list_filename, TMP_STRING_SIZE, optarg); + snprintf(list_filename, TMP_STRING_SIZE, "%s", optarg); break; default: usage(argv[0]); only in patch2: unchanged: --- lsb-appchk3-3.2.2.orig/tests/misc/rpmchk/vals.c +++ lsb-appchk3-3.2.2/tests/misc/rpmchk/vals.c @@ -5,6 +5,7 @@ * */ #include "rpmchk.h" +#include "stdlib.h" /* * This file contains some values which must match, and some places to * stick things which are discovered in one place, but used in another.
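
Review bot: in the case 'o' branch of appchk.c the return value of snprintf is still ignored, so an optarg of TMP_STRING_SIZE or more characters is silently truncated and output_filename ends up naming a different file than the one given on the command line. Consider treating a result >= TMP_STRING_SIZE as an error and calling usage(argv[0]) or printing a message instead of continuing.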
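
Review bot: the case 'l' call in appchk.c had the same non-literal format as case 'o', which suggests the pattern may exist elsewhere in the tree. Building with -Wformat -Wformat-security would flag any remaining call that passes a variable as the format argument, and list_filename deserves the same length check as output_filename so a shortened name is never used.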
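
Review bot: the added line in vals.c uses the quoted form #include "stdlib.h" for a standard header. The quoted form searches the including file's own directory before the system include path, so a local file of that name would be picked up instead; #include <stdlib.h> is the conventional and safer spelling.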
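
The distinction the report draws, shown as an added example (not code from lsb-appchk3 or from the patch): a hypothetical `copy_option` helper passes the argument as data for `"%s"` and also rejects arguments that would not fit. `TMP_STRING_SIZE` is given an assumed value of 32 here, and the sample arguments are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value for this example; the real size is not shown on the page. */
#define TMP_STRING_SIZE 32

/*
 * Hypothetical helper: copy a command-line argument into a fixed buffer.
 * The argument is passed as data for "%s", never as the format itself,
 * so '%' sequences inside it are copied literally and not interpreted.
 * Returns 0 on success, -1 if the argument is missing or does not fit.
 * On failure dst is set to "" so a truncated name is never used.
 */
static int copy_option(char *dst, size_t dstsize, const char *arg)
{
    int n;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (arg == NULL)
        return -1;
    n = snprintf(dst, dstsize, "%s", arg);
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char output_filename[TMP_STRING_SIZE];
    /* Constructed sample arguments. */
    const char *samples[] = {
        "report.txt",
        "out-%s-%x.log", /* contains conversion specifiers */
        "a-name-that-is-much-longer-than-the-buffer.txt",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (copy_option(output_filename, sizeof output_filename, samples[i]) == 0)
            printf("accepted: %s\n", output_filename);
        else
            printf("rejected (too long): %s\n", samples[i]);
    }
    return 0;
}
```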