[SSSD] [sssd PR#89][comment] nss: rewrite nss responder so it uses cache_req

lslebodn Tue, 29 Nov 2016 09:12:14 -0800

  URL: https://github.com/SSSD/sssd/pull/89
Title: #89: nss: rewrite nss responder so it uses cache_req


lslebodn commented:
"""
There is a Wformat-security warning and therefore mock build failed on fedora
```
src/db/sysdb_ops.c: In function ‘sysdb_search_object_attr’:
src/db/sysdb_ops.c:4503:22: error: format not a string literal and no format 
arguments [-Werror=format-security]
                      LDB_SCOPE_SUBTREE, attrs?attrs:def_attrs, filter);
                      ^~~~~~~~~~~~~~~~~
```

The solution is quite simple
```
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 4150c33..e8ecdeb 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -4500,7 +4500,7 @@ static errno_t sysdb_search_object_attr(TALLOC_CTX 
*mem_ctx,
     }
 
     ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, basedn,
-                     LDB_SCOPE_SUBTREE, attrs?attrs:def_attrs, filter);
+                     LDB_SCOPE_SUBTREE, attrs?attrs:def_attrs, "%s", filter);
     if (ret != EOK) {
         ret = sysdb_error_to_errno(ret);
         DEBUG(SSSDBG_OP_FAILURE, "ldb_search failed.\n");
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/89#issuecomment-263633818

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

[SSSD] [sssd PR#89][comment] nss: rewrite nss responder so it uses cache_req

Reply via email to