On Sat, Nov 23, 2019 at 11:52:30PM +0100, Tim Duesterhus wrote:
> gcc complains rightfully:
> 
> src/ssl_sock.c: In function ‘ssl_sock_prepare_all_ctx’:
> src/ssl_sock.c:5507:3: warning: format not a string literal and no format 
> arguments [-Wformat-security]
>    ha_warning(errmsg);
>    ^
> src/ssl_sock.c:5509:3: warning: format not a string literal and no format 
> arguments [-Wformat-security]
>    ha_alert(errmsg);
>    ^
> src/ssl_sock.c: In function ‘cli_io_handler_commit_cert’:
> src/ssl_sock.c:10208:3: warning: format not a string literal and no format 
> arguments [-Wformat-security]
>    chunk_appendf(trash, err);
> 
> Introduced in 8b453912ce9a4e1a3b1329efb2af04d1e470852e. Must be backported
> together with that commit.
> ---
>  src/ssl_sock.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/src/ssl_sock.c b/src/ssl_sock.c
> index bcfa3e712..53f6c3cd2 100644
> --- a/src/ssl_sock.c
> +++ b/src/ssl_sock.c
> @@ -5504,9 +5504,9 @@ int ssl_sock_prepare_all_ctx(struct bind_conf 
> *bind_conf)
>       }
>  
>       if (errcode & ERR_WARN) {
> -             ha_warning(errmsg);
> +             ha_warning("%s", errmsg);
>       } else if (errcode & ERR_CODE) {
> -             ha_alert(errmsg);
> +             ha_alert("%s", errmsg);
>               err++;
>       }
>  
> @@ -10205,7 +10205,7 @@ end:
>  
>       chunk_appendf(trash, "\n");
>       if (errcode & ERR_WARN)
> -             chunk_appendf(trash, err);
> +             chunk_appendf(trash, "%s", err);
>       chunk_appendf(trash, "Success!\n");
>       if (ci_putchk(si_ic(si), trash) == -1)
>               si_rx_room_blk(si);

Merged, Thanks Tim.

I removed the mention to the backport because it's in master only and mustn't
be backported.

-- 
William Lallemand

Reply via email to