Date: Mon, 21 Oct 2013 08:44:10 +0200 From: Dimitry Andric <dim@FreeBSD.org> To: Sean Bruno <sbruno@freebsd.org> Cc: freebsd-current@freebsd.org Subject: Re: contrib/gcclibs/libssp security warning Message-ID: <543E81FB-3C62-4CE6-B2D4-63A0ED7CE006@FreeBSD.org> In-Reply-To: <1382327252.2610.2.camel@localhost> References: <1382327252.2610.2.camel@localhost>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Oct 21, 2013, at 05:47, Sean Bruno <sean_bruno@yahoo.com> wrote: > There's an unchecked syslog call inside of libssp/ssp.c > > > /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23: > warning: format string is not a string literal (potentially insecure) > [-Wformat-security] > syslog (LOG_CRIT, msg1); > ^~~~ > 1 warning generated. > /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23: > warning: format string is not a string literal (potentially insecure) > [-Wformat-security] > syslog (LOG_CRIT, msg1); > > I propose the following change: > > Index: contrib/gcclibs/libssp/ssp.c > =================================================================== > --- contrib/gcclibs/libssp/ssp.c (revision 256712) > +++ contrib/gcclibs/libssp/ssp.c (working copy) > #ifdef HAVE_SYSLOG_H > /* Only send the error to syslog if there was no tty available. */ > else > - syslog (LOG_CRIT, msg3); > + syslog (LOG_CRIT, "%s", msg3); > #endif /* HAVE_SYSLOG_H */ > Heh, this is also still in upstream gcc. :-) It should not be a real security problem, as the fail() function is only ever called twice, with predictable const char arguments. But better safe than sorry, so LGTM. -Dimitry [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iEYEARECAAYFAlJkzUIACgkQsF6jCi4glqNCTwCfcIZQeCSmRSW8Fs+1p4fmb0PS sL8An2rfhYE/4R6ywloijuExl2Hkr5Yo =nTf9 -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?543E81FB-3C62-4CE6-B2D4-63A0ED7CE006>