Date: Sun, 20 Oct 2013 23:47:32 -0400
From: Sean Bruno <sean_bruno@yahoo.com>
To: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Subject: contrib/gcclibs/libssp security warning
Message-ID: <1382327252.2610.2.camel@localhost>
There's an unchecked syslog call inside of libssp/ssp.c
/usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23:
warning: format string is not a string literal (potentially insecure)
[-Wformat-security]
syslog (LOG_CRIT, msg1);
^~~~
1 warning generated.
/usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23:
warning: format string is not a string literal (potentially insecure)
[-Wformat-security]
syslog (LOG_CRIT, msg1);
I propose the following change:
Index: contrib/gcclibs/libssp/ssp.c
===================================================================
--- contrib/gcclibs/libssp/ssp.c (revision 256712)
+++ contrib/gcclibs/libssp/ssp.c (working copy)
#ifdef HAVE_SYSLOG_H
/* Only send the error to syslog if there was no tty available. */
else
- syslog (LOG_CRIT, msg3);
+ syslog (LOG_CRIT, "%s", msg3);
#endif /* HAVE_SYSLOG_H */
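Review bot: the removed line is `syslog (LOG_CRIT, msg3);`, but the compiler warning quoted in this message points at ssp.c:137 and shows `syslog (LOG_CRIT, msg1);`, so the patch and the diagnostic do not name the same variable. Please confirm which identifier is in the tree at revision 256712 and regenerate the diff against it; as posted, the hunk also has no `@@` line-range header, so it will not apply with patch(1). The change itself, a constant "%s" format with the message passed as an argument, is the right way to silence -Wformat-security here, and it is worth checking the rest of the file for any other call that passes a non-literal as the format.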
