summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNiels de Vos <ndevos@redhat.com>2012-12-14 10:48:46 +0100
committerAnand Avati <avati@redhat.com>2013-01-16 17:44:43 -0800
commitb9249c8f9f838c2a9c28e5c09fffddc9c8917df6 (patch)
tree0bb5a1010f0b4f575f7f48e700be5184e21c482c
parentfba70e641eb52c90fa29fc26d916e4607e286779 (diff)
Fix format security errors with hardening build flags
These problems were found while building with the hardening options used by Debian. In order to prevent introducing new unsafe constructs, the options -Wformat" and -Werror=format-security are addeded to the CFLAGS by configure.ac if the compiler supports them. Also, a small spelling fix in posix-aio.c is included. Change-Id: I1034311644fa3c21bc5a7b842c41a3ca79108b3f BUG: 887278 Original-author: Patrick Matthäi <pmatthaei@debian.org> Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/4311 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Anand Avati <avati@redhat.com>
-rw-r--r--cli/src/cli.c4
-rw-r--r--configure.ac12
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-handler.c6
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-op-sm.c4
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-replace-brick.c4
-rw-r--r--xlators/storage/posix/src/posix-aio.c2
6 files changed, 22 insertions, 10 deletions
diff --git a/cli/src/cli.c b/cli/src/cli.c
index a2457c2b..4ff17280 100644
--- a/cli/src/cli.c
+++ b/cli/src/cli.c
@@ -298,12 +298,12 @@ cli_opt_parse (char *opt, struct cli_state *state)
return 1;
if (strcmp (opt, "version") == 0) {
- cli_out (argp_program_version);
+ cli_out ("%s", argp_program_version);
exit (0);
}
if (strcmp (opt, "print-logdir") == 0) {
- cli_out (DEFAULT_LOG_FILE_DIRECTORY);
+ cli_out ("%s", DEFAULT_LOG_FILE_DIRECTORY);
exit (0);
}
diff --git a/configure.ac b/configure.ac
index dec146e5..3f87a46a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -523,6 +523,18 @@ GF_HOST_OS=""
GF_LDFLAGS="-rdynamic"
CFLAGS="-g"
+# check for gcc -Werror=format-security
+saved_CFLAGS=$CFLAGS
+CFLAGS="-Wformat -Werror=format-security"
+AC_MSG_CHECKING([whether $CC accepts -Werror=format-security])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [cc_werror_format_security=yes], [cc_werror_format_security=no])
+echo $cc_werror_format_security
+if test "x$cc_werror_format_security" = "xno"; then
+ CFLAGS="$saved_CFLAGS"
+else
+ CFLAGS="$saved_CFLAGS $CFLAGS"
+fi
+
case $host_os in
linux*)
dnl GF_LINUX_HOST_OS=1
diff --git a/xlators/mgmt/glusterd/src/glusterd-handler.c b/xlators/mgmt/glusterd/src/glusterd-handler.c
index fe85eb39..d4bdcd74 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handler.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handler.c
@@ -1070,7 +1070,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req)
snprintf (msg_str, sizeof (msg_str), "volumes are already "
"present in the cluster. Resetting uuid is not "
"allowed");
- gf_log (this->name, GF_LOG_WARNING, msg_str);
+ gf_log (this->name, GF_LOG_WARNING, "%s", msg_str);
goto out;
}
@@ -1079,7 +1079,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req)
snprintf (msg_str, sizeof (msg_str),"trusted storage pool "
"has been already formed. Please detach this peer "
"from the pool and reset its uuid.");
- gf_log (this->name, GF_LOG_WARNING, msg_str);
+ gf_log (this->name, GF_LOG_WARNING, "%s", msg_str);
goto out;
}
@@ -1089,7 +1089,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req)
if (!uuid_compare (uuid, MY_UUID)) {
snprintf (msg_str, sizeof (msg_str), "old uuid and the new uuid"
" are same. Try gluster peer reset again");
- gf_log (this->name, GF_LOG_ERROR, msg_str);
+ gf_log (this->name, GF_LOG_ERROR, "%s", msg_str);
ret = -1;
goto out;
}
diff --git a/xlators/mgmt/glusterd/src/glusterd-op-sm.c b/xlators/mgmt/glusterd/src/glusterd-op-sm.c
index 6ef0b21c..69e6fad8 100644
--- a/xlators/mgmt/glusterd/src/glusterd-op-sm.c
+++ b/xlators/mgmt/glusterd/src/glusterd-op-sm.c
@@ -1431,7 +1431,7 @@ glusterd_op_set_volume (dict_t *dict)
if (ret) {
op_errstr = (op_errstr)? op_errstr:
"Volume set help internal error";
- gf_log (this->name, GF_LOG_ERROR, op_errstr);
+ gf_log (this->name, GF_LOG_ERROR, "%s", op_errstr);
}
goto out;
}
@@ -2678,7 +2678,7 @@ glusterd_op_ac_send_stage_op (glusterd_op_sm_event_t *event, void *ctx)
ret = glusterd_op_validate_quorum (this, op, dict, &op_errstr);
if (ret) {
- gf_log (this->name, GF_LOG_ERROR, op_errstr);
+ gf_log (this->name, GF_LOG_ERROR, "%s", op_errstr);
opinfo.op_errstr = op_errstr;
goto out;
}
diff --git a/xlators/mgmt/glusterd/src/glusterd-replace-brick.c b/xlators/mgmt/glusterd/src/glusterd-replace-brick.c
index 7e4d8c78..c57be519 100644
--- a/xlators/mgmt/glusterd/src/glusterd-replace-brick.c
+++ b/xlators/mgmt/glusterd/src/glusterd-replace-brick.c
@@ -321,7 +321,7 @@ glusterd_op_stage_replace_brick (dict_t *dict, char **op_errstr,
if (glusterd_is_rb_started (volinfo)) {
snprintf (msg, sizeof (msg), "Replace brick is already "
"started for volume");
- gf_log (this->name, GF_LOG_ERROR, msg);
+ gf_log (this->name, GF_LOG_ERROR, "%s", msg);
*op_errstr = gf_strdup (msg);
ret = -1;
goto out;
@@ -487,7 +487,7 @@ glusterd_op_stage_replace_brick (dict_t *dict, char **op_errstr,
if (ret) {
*op_errstr = gf_strdup (msg);
ret = -1;
- gf_log (this->name, GF_LOG_ERROR, *op_errstr);
+ gf_log (this->name, GF_LOG_ERROR, "%s", *op_errstr);
goto out;
}
diff --git a/xlators/storage/posix/src/posix-aio.c b/xlators/storage/posix/src/posix-aio.c
index f807618c..fad4a7df 100644
--- a/xlators/storage/posix/src/posix-aio.c
+++ b/xlators/storage/posix/src/posix-aio.c
@@ -566,7 +566,7 @@ __posix_fd_set_odirect (fd_t *fd, struct posix_fd *pfd, int opflags,
{
xlator_t *this = THIS;
gf_log (this->name, GF_LOG_INFO,
- "Linux AIO not availble at build-time."
+ "Linux AIO not available at build-time."
" Continuing with synchronous IO");
return;
}