> On May 16, 2016, at 2:37 PM, Plauchu Edwin > <edwin.plauchu.cama...@linux.intel.com> wrote: > > > > On 16/05/16 16:28, Khem Raj wrote: >>> On May 16, 2016, at 1:19 PM, edwin.plauchu.cama...@linux.intel.com wrote: >>> >>> From: Edwin Plauchu <edwin.plauchu.cama...@intel.com> >>> >>> This patch avoids stat failing to compile with compiler flags which elevate >>> common string formatting issues into an error (-Wformat -Wformat-security >>> -Werror=format-security). >>> >>> [YOCTO #9550] >>> >>> Signed-off-by: Edwin Plauchu <edwin.plauchu.cama...@intel.com> >>> --- >>> meta/conf/distro/include/security_flags.inc | 1 - >>> .../stat/stat-3.3/fix-security-format.patch | 77 >>> ++++++++++++++++++++++ >>> meta/recipes-extended/stat/stat_3.3.bb | 1 + >>> 3 files changed, 78 insertions(+), 1 deletion(-) >>> create mode 100644 >>> meta/recipes-extended/stat/stat-3.3/fix-security-format.patch >>> >>> diff --git a/meta/conf/distro/include/security_flags.inc >>> b/meta/conf/distro/include/security_flags.inc >>> index 7a91cec..5ae6dd8 100644 >>> --- a/meta/conf/distro/include/security_flags.inc >>> +++ b/meta/conf/distro/include/security_flags.inc >>> @@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = "" >>> SECURITY_STRINGFORMAT_pn-kexec-tools = "" >>> SECURITY_STRINGFORMAT_pn-makedevs = "" >>> SECURITY_STRINGFORMAT_pn-oh-puzzles = "" >>> -SECURITY_STRINGFORMAT_pn-stat = "" >>> SECURITY_STRINGFORMAT_pn-unzip = "" >>> SECURITY_STRINGFORMAT_pn-zip = "" >>> >>> diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch >>> b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch >>> new file mode 100644 >>> index 0000000..7d9f8df >>> --- /dev/null >>> +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>> @@ -0,0 +1,77 @@ >>> +meta: recipes-extended: Fixing security formatting issues on stat >>> + >>> +Fix security formatting issues related to printf without NULL argument >>> + >>> +stat.c: In function 'print_human_access': >>> +stat.c:292:13: error: format not a string literal and no format arguments >>> [-Werror=format-security] >>> + printf (access); >>> + ^ >>> +stat.c: In function 'print_human_time': >>> +stat.c:299:57: error: format not a string literal and no format arguments >>> [-Werror=format-security] >>> + if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str); >>> + ^ >>> +stat.c: In function 'print_it': >>> +stat.c:613:6: error: format not a string literal and no format arguments >>> [-Werror=format-security] >>> + printf(b); >>> + ^ >>> +stat.c:642:6: error: format not a string literal and no format arguments >>> [-Werror=format-security] >>> + printf(b); >>> + ^ >>> + >>> +[YOCTO #9550] >>> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550] >>> + >>> +Upstream-Status: Pending >>> + >>> +Signed-off-by: Edwin Plauchu <edwin.plauchu.cama...@intel.com> >>> + >>> +diff --git a/stat.c b/stat.c >>> +index 1ed07a9..351ab54 100644 >>> +--- a/stat.c >>> ++++ b/stat.c >>> +@@ -21,6 +21,8 @@ >>> + >>> + #include "fs.h" >>> + >>> ++#define __PRINT(STR) printf (STR,NULL) >>> ++ >> Can we use proper formatting string here something like >> printf("%s", access); >> >> or use fputs() call instead > With fputs we need to specify the stdout stream, and > the printf "%s" option needs a little bit more processing in formatting. > > The actual change covers the security considerations with a minimal add of NULL. > If you > know why the other ways will be better, please tell me.
First of all, macros here make code quite unreadable. Secondly, I am just recommending how printf is supposed to be used here: int printf(const char *format, ...); someone just missed specifying a formatting string. > > Thanks in advance > Edwin Plauchu >> >>> + void print_human_type(unsigned short mode) >>> + { >>> + switch (mode & S_IFMT) >>> +@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf) >>> + default: >>> + access[0] = '?'; >>> + } >>> +- printf (access); >>> ++ __PRINT(access); >>> + } >>> + >>> + void print_human_time(time_t *t) >>> + { >>> + char str[40]; >>> + >>> +- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str); >>> +- else printf("Cannot calculate human readable time, sorry"); >>> ++ if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str); >>> ++ else __PRINT("Cannot calculate human readable time, sorry"); >>> + } >>> + >>> + /* print statfs info */ >>> +@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename, >>> + { >>> + strcpy (pformat, "%"); >>> + *m++ = '\0'; >>> +- printf(b); >>> ++ __PRINT(b); >>> + >>> + /* copy all format specifiers to our format string */ >>> + while (isdigit(*m) || strchr("#0-+. I", *m)) >>> +@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename, >>> + } >>> + else >>> + { >>> +- printf(b); >>> ++ __PRINT(b); >>> + b = NULL; >>> + } >>> + } >>> diff --git a/meta/recipes-extended/stat/stat_3.3.bb >>> b/meta/recipes-extended/stat/stat_3.3.bb >>> index a5ece07..0697c73 100644 >>> --- a/meta/recipes-extended/stat/stat_3.3.bb >>> +++ b/meta/recipes-extended/stat/stat_3.3.bb
>>> @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = >>> "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \ >>> file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f" >>> >>> SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \ >>> + file://fix-security-format.patch \ >>> file://fix-error-return.patch" >>> >>> SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3" >>> -- >>> 1.9.1 >>> >>> -- >>> _______________________________________________ >>> Openembedded-core mailing list >>> Openembedded-core@lists.openembedded.org >>> http://lists.openembedded.org/mailman/listinfo/openembedded-core >
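Review bot: removing `SECURITY_STRINGFORMAT_pn-stat = ""` from security_flags.inc is only correct if the source patch reaches every site that -Werror=format-security rejects. The build log quoted in the patch header lists four (stat.c:292, 299, 613, 642) and the source patch touches exactly those four, so coverage matches; please say in the commit message that stat was rebuilt with security_flags.inc active, otherwise dropping the exception is untested.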
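Review bot: in the `@@ -21,6 +21,8 @@` hunk, `#define __PRINT(STR) printf (STR,NULL)` silences the diagnostic without fixing the problem: STR is still the format string, so any `%` conversion in it is still parsed by printf, and the extra NULL only satisfies the "no format arguments" half of the -Wformat-security test. Replace the macro with a literal format, `printf("%s", STR)`, or with `fputs(STR, stdout)`, which stops interpreting STR altogether. Two smaller points: identifiers beginning with a double underscore are reserved for the C implementation, so `__PRINT` is a poor name even if the macro stays; and NULL may expand to a plain integer 0, which is the wrong type for a pointer vararg and is harmless only as long as the format happens to contain no conversion.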
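Review bot: in the `@@ -289,15 +291,15 @@` hunk, `__PRINT("Cannot calculate human readable time, sorry")` changes a line the compiler never flagged; a string literal with no arguments is exactly what -Wformat-security accepts, so leave that call as it was. For `str`, which strftime fills with locale-dependent text, and for `access`, which the function assembles character by character, `fputs(str, stdout)` and `fputs(access, stdout)` print the data without treating it as a format.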
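Review bot: in the `@@ -610,7 +612,7 @@` hunk, `b` is the text preceding the `%` that `*m++ = '\0'` has just terminated, i.e. a slice of the caller-supplied masterformat, and it is being handed to printf as the format. `__PRINT(b)` keeps it a format string; `fputs(b, stdout)` prints that text without interpretation and is what the warning is asking for.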
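Review bot: in the `@@ -639,7 +641,7 @@` hunk, same issue as the earlier print_it hunk: `b` is still a pointer into the caller-supplied master format and `__PRINT(b)` still passes it as the format. `fputs(b, stdout); b = NULL;` is the minimal correct change here.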
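The three ways of printing a non-literal string that the thread argues over, side by side, as an added example that is not part of the stat patch or of the OpenEmbedded tree. It renders each variant into a buffer so the results can be compared: the original `printf(s)`, the patch's `printf(s, NULL)`, and the `printf("%s", s)` / `fputs` form suggested in review. The function names (`render_*`, `count_conversions`) and the input text are my own constructions for the demo.

```c
/* Added example (not from the stat patch or the OE tree): the three
 * ways of printing a non-literal string that came up in the thread,
 * rendered into buffers so the results can be compared.  All inputs
 * are constructed for the demo.  Build with
 *   gcc -Wall -Wformat -Wformat-security -Werror=format-security demo.c
 * and remove the pragmas to see which variants the flags reject. */
#include <stdio.h>
#include <string.h>

static char out[128];   /* shared result buffer for the render_* helpers */

/* -Wformat-security is silenced here only so the "before" variants
 * compile for the demo; do not ship code like this. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* Original stat.c style, printf(access) / printf(b): s itself is the
 * format, so every '%' in it is parsed and a real conversion consumes
 * a vararg that was never passed (undefined behaviour; %n writes). */
static const char *render_as_format(const char *s)
{
    snprintf(out, sizeof out, s);
    return out;
}

/* The patch's __PRINT(STR) -> printf(STR, NULL): one extra argument
 * makes -Wformat-security stop complaining, but s is still the format
 * string and is interpreted exactly as above. */
static const char *render_as_format_with_null(const char *s)
{
    snprintf(out, sizeof out, s, NULL);
    return out;
}
#pragma GCC diagnostic pop

/* The fix suggested in review: literal format, data as the argument.
 * fputs(s, stdout) is the equivalent when no buffer is needed. */
static const char *render_verbatim(const char *s)
{
    snprintf(out, sizeof out, "%s", s);
    return out;
}

/* How many conversions printf would try to consume if s were used as
 * a format: a quick audit helper for strings that reach printf(s). */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" is a literal '%' */
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed input: harmless, but shows the format engine is live. */
    const char *text = "disk is 100%% full";
    printf("as format       : %s\n", render_as_format(text));
    printf("format + NULL   : %s\n", render_as_format_with_null(text));
    printf("verbatim (%%s)   : %s\n", render_verbatim(text));
    fputs("verbatim (fputs): ", stdout);
    fputs(text, stdout);
    fputs("\n", stdout);
    printf("conversions printf would consume from \"%%s %%n\": %d\n",
           count_conversions("%s %n"));
    return 0;
}
```

With the pragmas removed and the flags above, `render_as_format` is the only one that fails to build ("format not a string literal and no format arguments"); `render_as_format_with_null` passes, which is exactly why the `__PRINT` macro makes stat compile, yet it prints the same interpreted text as the unfixed version. Only `render_verbatim` and the `fputs` line reproduce the input untouched.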