Date:      Mon, 13 Aug 2001 17:40:01 -0700
From:      Seth Kingsley <seth.kingsley@windriver.com>
To:        Kris Kennaway <kris@obsecurity.org>, obrien@freebsd.org
Cc:        audit@freebsd.org
Subject:   Re: WFORMAT=1 errors
Message-ID:  <20010813174001.B33585@meow.lab.nuxi.com>
In-Reply-To: <20010810202002.A49763@xor.obsecurity.org>; from kris@obsecurity.org on Fri, Aug 10, 2001 at 08:20:02PM -0700
References:  <20010810182125.A47936@xor.obsecurity.org> <20010810194150.A71696@meow.lab.nuxi.com> <20010810202002.A49763@xor.obsecurity.org>

On Fri, Aug 10, 2001 at 08:20:02PM -0700, Kris Kennaway wrote:
> On Fri, Aug 10, 2001 at 07:41:50PM -0700, Seth Kingsley wrote:
> > On Fri, Aug 10, 2001 at 06:21:26PM -0700, Kris Kennaway wrote:
> > >                 In the meantime, does anyone feel like fixing some of
> > > the following from usr.bin/
> >
> > I'll take usr.bin/make, I've been working on some other modernizations
> > of it recently.
>
> Excellent, thanks!

I'm running into a problem here with format strings that are being used
safely as pointers to string constants, but eliciting warnings because
they are not literal string constants. The following test program should
_not_ cause warnings because of a non-constant format. Unless I am
misunderstanding the purpose of this kind of format parameter auditing,
passing a pointer to string const should be perfectly acceptable. And as
it is used in usr.bin/make, there is obviously no security issue with
this.

#include    <stdio.h>

int
main(void)
{
    const char	*fmt = "%s\n";

    printf(fmt, "Hello World");
    return 0;
}

I tried to modify /usr/src/contrib/gcc.295/c-common.c:check_format_info
to test the qualifiers of the string passed instead of merely testing
against it being a string constant. I could not discern how to trace the
parse tree for the format parameter back to the qualifiers used in its
declaration. This is something that somebody else would be able to
figure out much more readily. If David is not willing to look at this
right now, then maybe I can appeal to the NetBSD people, where this type
of warning option came from?

-- 
|| Seth Kingsley || Platforms Lab Opps || seth.kingsley@windriver.com ||
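
Added example, not part of the message above or of the FreeBSD sources: two ways to write the test program's call so that the format stays visible to the compiler's format checker. It assumes current GCC, which reads the initializer of a const char array and exempts functions that pass their format on to a va_list function from -Wformat-nonliteral; emit, greet_array and greet_wrapper are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>

/* Form 1: a const array (not a pointer) whose initializer is the format. */
static const char greet_fmt[] = "%s\n";

/* Form 2: hypothetical wrapper emit().  The format attribute has each
 * caller's format checked against its arguments; inside, the format goes
 * to a va_list function, which -Wformat-nonliteral exempts. */
static int emit(char *buf, size_t len, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static int
emit(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* The greeting from the test program, formatted through the const array. */
int
greet_array(char *buf, size_t len, const char *who)
{
    return snprintf(buf, len, greet_fmt, who);
}

/* The same greeting through the attribute-checked wrapper. */
int
greet_wrapper(char *buf, size_t len, const char *who)
{
    return emit(buf, len, "%s\n", who);
}

int
main(void)
{
    char buf[32];

    if (greet_array(buf, sizeof(buf), "Hello World") > 0)
        fputs(buf, stdout);
    if (greet_wrapper(buf, sizeof(buf), "Hello World") > 0)
        fputs(buf, stdout);
    return 0;
}
```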
