Hi,
On 08/06/2021 21:43, Arne Schwabe wrote:
> clang does not like if the format argument of printf like function
> is not a string literal:
>
> warning: format string is not a string literal (potentially insecure)
>
> Use "%s" as string literal to silence the warning.
>
> Signed-off-by: Arne Schwabe <a...@rfc2549.org>
> ---
> src/openvpn/options.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index 8978955c3..5ecb7b7db 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -2077,7 +2077,7 @@ check_ca_required(const struct options *options)
> " or CA path (--capath)"
> #endif
> " and/or peer fingerprint verification (--peer-fingerprint)";
> - msg(M_USAGE, str);
> + msg(M_USAGE, "%s", str);
Imho this warning is a borderline one.
Rather than using %s as clang suggests, I am more in favor of the following:
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 819979b1..086f7b6e 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2069,7 +2069,7 @@ check_ca_required(const struct options *options)
return;
}
- const char* str = "You must define CA file (--ca)"
+ const char* const str = "You must define CA file (--ca)"
#ifndef ENABLE_CRYPTO_MBEDTLS
" or CA path (--capath)"
#endif
Passing "%s" just to make clang happy looks weird to me.
Regards,
--
Antonio Quartulli
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
