On Oct 21, 2013, at 05:47, Sean Bruno <sean_br...@yahoo.com> wrote: > There's an unchecked syslog call inside of libssp/ssp.c > > > /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23: > warning: format string is not a string literal (potentially insecure) > [-Wformat-security] > syslog (LOG_CRIT, msg1); > ^~~~ > 1 warning generated. > /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23: > warning: format string is not a string literal (potentially insecure) > [-Wformat-security] > syslog (LOG_CRIT, msg1); > > I propose the following change: > > Index: contrib/gcclibs/libssp/ssp.c > =================================================================== > --- contrib/gcclibs/libssp/ssp.c (revision 256712) > +++ contrib/gcclibs/libssp/ssp.c (working copy) > #ifdef HAVE_SYSLOG_H > /* Only send the error to syslog if there was no tty available. */ > else > - syslog (LOG_CRIT, msg3); > + syslog (LOG_CRIT, "%s", msg3); > #endif /* HAVE_SYSLOG_H */ >
Heh, this is also still in upstream gcc. :-) It should not be a real security problem, as the fail() function is only ever called twice, with predictable const char arguments. But better safe than sorry, so LGTM. -Dimitry
signature.asc
Description: Message signed with OpenPGP using GPGMail