Re: [PATCH] BUG/MINOR: ssl: Stop passing dynamic strings as format arguments
On Wed, Feb 19, 2020 at 11:41:13AM +0100, Tim Duesterhus wrote: > gcc complains rightfully: > > src/ssl_sock.c: In function ‘ssl_load_global_issuers_from_path’: > src/ssl_sock.c:9860:4: warning: format not a string literal and no format > arguments [-Wformat-security] > ha_warning(warn); > ^ > > Introduced in 70df7bf19cebd5593c0abb01923e6c9f72961da6. > --- > src/ssl_sock.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/ssl_sock.c b/src/ssl_sock.c > index e30bb8a6c..ade5ffc84 100644 > --- a/src/ssl_sock.c > +++ b/src/ssl_sock.c > @@ -9857,7 +9857,7 @@ static int ssl_load_global_issuers_from_path(char > **args, int section_type, stru > goto next; > ssl_load_global_issuer_from_BIO(in, fp, &warn); > if (warn) { > - ha_warning(warn); > + ha_warning("%s", warn); > free(warn); > warn = NULL; > } > -- > 2.25.0 > Merged, thanks! -- William Lallemand
Re: [PATCH] BUG/MINOR: ssl: Stop passing dynamic strings as format arguments
It happens because we now run ERR=1 in ci builds On Wed, Feb 19, 2020, 3:41 PM Tim Duesterhus wrote: > gcc complains rightfully: > > src/ssl_sock.c: In function ‘ssl_load_global_issuers_from_path’: > src/ssl_sock.c:9860:4: warning: format not a string literal and no format > arguments [-Wformat-security] > ha_warning(warn); > ^ > > Introduced in 70df7bf19cebd5593c0abb01923e6c9f72961da6. > --- > src/ssl_sock.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/ssl_sock.c b/src/ssl_sock.c > index e30bb8a6c..ade5ffc84 100644 > --- a/src/ssl_sock.c > +++ b/src/ssl_sock.c > @@ -9857,7 +9857,7 @@ static int ssl_load_global_issuers_from_path(char > **args, int section_type, stru > goto next; > ssl_load_global_issuer_from_BIO(in, fp, &warn); > if (warn) { > - ha_warning(warn); > + ha_warning("%s", warn); > free(warn); > warn = NULL; > } > -- > 2.25.0 > >
[PATCH] BUG/MINOR: ssl: Stop passing dynamic strings as format arguments
gcc complains rightfully: src/ssl_sock.c: In function ‘ssl_load_global_issuers_from_path’: src/ssl_sock.c:9860:4: warning: format not a string literal and no format arguments [-Wformat-security] ha_warning(warn); ^ Introduced in 70df7bf19cebd5593c0abb01923e6c9f72961da6. --- src/ssl_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index e30bb8a6c..ade5ffc84 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -9857,7 +9857,7 @@ static int ssl_load_global_issuers_from_path(char **args, int section_type, stru goto next; ssl_load_global_issuer_from_BIO(in, fp, &warn); if (warn) { - ha_warning(warn); + ha_warning("%s", warn); free(warn); warn = NULL; } -- 2.25.0
Re: [PATCH] BUG/MINOR: ssl: Stop passing dynamic strings as format arguments
William, Am 25.11.19 um 08:57 schrieb William Lallemand: > Merged, Thanks Tim. > > I removed the mention to the backport because it's in master only and mustn't > be backported. > When the other commit is not going to be backported either then that's okay :-) Thanks Tim Düsterhus
Re: [PATCH] BUG/MINOR: ssl: Stop passing dynamic strings as format arguments
On Sat, Nov 23, 2019 at 11:52:30PM +0100, Tim Duesterhus wrote: > gcc complains rightfully: > > src/ssl_sock.c: In function ‘ssl_sock_prepare_all_ctx’: > src/ssl_sock.c:5507:3: warning: format not a string literal and no format > arguments [-Wformat-security] >ha_warning(errmsg); >^ > src/ssl_sock.c:5509:3: warning: format not a string literal and no format > arguments [-Wformat-security] >ha_alert(errmsg); >^ > src/ssl_sock.c: In function ‘cli_io_handler_commit_cert’: > src/ssl_sock.c:10208:3: warning: format not a string literal and no format > arguments [-Wformat-security] >chunk_appendf(trash, err); > > Introduced in 8b453912ce9a4e1a3b1329efb2af04d1e470852e. Must be backported > together with that commit. > --- > src/ssl_sock.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/ssl_sock.c b/src/ssl_sock.c > index bcfa3e712..53f6c3cd2 100644 > --- a/src/ssl_sock.c > +++ b/src/ssl_sock.c > @@ -5504,9 +5504,9 @@ int ssl_sock_prepare_all_ctx(struct bind_conf > *bind_conf) > } > > if (errcode & ERR_WARN) { > - ha_warning(errmsg); > + ha_warning("%s", errmsg); > } else if (errcode & ERR_CODE) { > - ha_alert(errmsg); > + ha_alert("%s", errmsg); > err++; > } > > @@ -10205,7 +10205,7 @@ end: > > chunk_appendf(trash, "\n"); > if (errcode & ERR_WARN) > - chunk_appendf(trash, err); > + chunk_appendf(trash, "%s", err); > chunk_appendf(trash, "Success!\n"); > if (ci_putchk(si_ic(si), trash) == -1) > si_rx_room_blk(si); Merged, Thanks Tim. I removed the mention to the backport because it's in master only and mustn't be backported. -- William Lallemand
[PATCH] BUG/MINOR: ssl: Stop passing dynamic strings as format arguments
gcc complains rightfully: src/ssl_sock.c: In function ‘ssl_sock_prepare_all_ctx’: src/ssl_sock.c:5507:3: warning: format not a string literal and no format arguments [-Wformat-security] ha_warning(errmsg); ^ src/ssl_sock.c:5509:3: warning: format not a string literal and no format arguments [-Wformat-security] ha_alert(errmsg); ^ src/ssl_sock.c: In function ‘cli_io_handler_commit_cert’: src/ssl_sock.c:10208:3: warning: format not a string literal and no format arguments [-Wformat-security] chunk_appendf(trash, err); Introduced in 8b453912ce9a4e1a3b1329efb2af04d1e470852e. Must be backported together with that commit. --- src/ssl_sock.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index bcfa3e712..53f6c3cd2 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5504,9 +5504,9 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf) } if (errcode & ERR_WARN) { - ha_warning(errmsg); + ha_warning("%s", errmsg); } else if (errcode & ERR_CODE) { - ha_alert(errmsg); + ha_alert("%s", errmsg); err++; } @@ -10205,7 +10205,7 @@ end: chunk_appendf(trash, "\n"); if (errcode & ERR_WARN) - chunk_appendf(trash, err); + chunk_appendf(trash, "%s", err); chunk_appendf(trash, "Success!\n"); if (ci_putchk(si_ic(si), trash) == -1) si_rx_room_blk(si); -- 2.24.0