From: Dimitry Andric
To: Sean Bruno
Cc: freebsd-current@freebsd.org
Subject: Re: contrib/gcclibs/libssp security warning
Date: Mon, 21 Oct 2013 08:44:10 +0200
Message-Id: <543E81FB-3C62-4CE6-B2D4-63A0ED7CE006@FreeBSD.org>
In-Reply-To: <1382327252.2610.2.camel@localhost>

On Oct 21, 2013, at 05:47, Sean Bruno wrote:
> There's an unchecked syslog
> call inside of libssp/ssp.c
>
>
> /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23:
> warning: format string is not a string literal (potentially insecure)
> [-Wformat-security]
> syslog (LOG_CRIT, msg1);
> ^~~~
> 1 warning generated.
> /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23:
> warning: format string is not a string literal (potentially insecure)
> [-Wformat-security]
> syslog (LOG_CRIT, msg1);
>
> I propose the following change:
>
> Index: contrib/gcclibs/libssp/ssp.c > =================================================================== > --- contrib/gcclibs/libssp/ssp.c (revision 256712) > +++ contrib/gcclibs/libssp/ssp.c (working copy) > #ifdef HAVE_SYSLOG_H > /* Only send the error to syslog if there was no tty available. */ > else > - syslog (LOG_CRIT, msg3); > + syslog (LOG_CRIT, "%s", msg3);  > #endif /* HAVE_SYSLOG_H */
>

Heh, this is also still in upstream gcc. :-) It should not be a real security problem, as the fail() function is only ever called twice, with predictable const char arguments. But better safe than sorry, so LGTM.

-Dimitry
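
Review bot: the removed line in the quoted hunk reads `syslog (LOG_CRIT, msg3);`, but the compiler warning quoted above it is for `syslog (LOG_CRIT, msg1);` at ssp.c:137, so the variable name in the `-`/`+` pair should be checked against the file before committing; if the source really passes `msg1`, the `-` line will not match and the hunk will not apply. The hunk also carries no `@@` header, so it gives no line range to locate the call; regenerating the diff from the working copy would settle both points.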
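
What the `"%s"` form changes in practice, as an added example that is not code from libssp or from either poster: `render` is a hypothetical stand-in for `syslog` with the same printf-style contract, `arg_directives` is a hypothetical check, and the sample messages are constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for syslog(pri, fmt, ...): same printf-style
 * contract, but renders into a buffer so the result can be inspected. */
static int render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Count directives that would consume an argument if `s` were passed as
 * the format. "%%" is an escaped percent and consumes nothing; a lone
 * trailing '%' is counted because it is an incomplete directive. */
static int arg_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the escaped percent */
        else
            count++;
    }
    return count;
}

/* Constructed sample messages, not the strings libssp logs. */
static const char plain_msg[] = "canary check failed";
static const char pct_msg[] = "buffer 100%% full";

int main(void)
{
    char as_fmt[64] = "", as_data[64] = "";

    /* Passing the message as the format is defined behaviour only
     * because none of its directives takes an argument. */
    if (arg_directives(pct_msg) == 0)
        render(as_fmt, sizeof as_fmt, pct_msg);       /* old call shape */
    render(as_data, sizeof as_data, "%s", pct_msg);   /* patched call shape */
    printf("as format: %s\nas data:   %s\n", as_fmt, as_data);
    printf("plain_msg directives: %d\n", arg_directives(plain_msg));
    return 0;
}
```

With the old call shape the message text is parsed as a format, so its correctness depends on every caller passing a string with no argument-consuming directives; with `"%s"` the text is copied through unchanged whatever it contains.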