summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNiels de Vos <ndevos@redhat.com>2012-12-14 10:48:46 +0100
committerAnand Avati <avati@redhat.com>2013-01-16 17:44:43 -0800
commitb9249c8f9f838c2a9c28e5c09fffddc9c8917df6 (patch)
tree0bb5a1010f0b4f575f7f48e700be5184e21c482c
parentfba70e641eb52c90fa29fc26d916e4607e286779 (diff)
Fix format security errors with hardening build flags
These problems were found while building with the hardening options used by Debian. In order to prevent introducing new unsafe constructs, the options -Wformat" and -Werror=format-security are addeded to the CFLAGS by configure.ac if the compiler supports them. Also, a small spelling fix in posix-aio.c is included. Change-Id: I1034311644fa3c21bc5a7b842c41a3ca79108b3f BUG: 887278 Original-author: Patrick Matthäi <pmatthaei@debian.org> Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/4311 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Anand Avati <avati@redhat.com>
-rw-r--r--cli/src/cli.c4
-rw-r--r--configure.ac12
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-handler.c6
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-op-sm.c4
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-replace-brick.c4
-rw-r--r--xlators/storage/posix/src/posix-aio.c2
6 files changed, 22 insertions, 10 deletions
diff --git a/cli/src/cli.c b/cli/src/cli.c
index a2457c2b6..4ff172805 100644
--- a/cli/src/cli.c
+++ b/cli/src/cli.c
@@ -298,12 +298,12 @@ cli_opt_parse (char *opt, struct cli_state *state)
return 1;
if (strcmp (opt, "version") == 0) {
- cli_out (argp_program_version);
+ cli_out ("%s", argp_program_version);
exit (0);
}
if (strcmp (opt, "print-logdir") == 0) {
- cli_out (DEFAULT_LOG_FILE_DIRECTORY);
+ cli_out ("%s", DEFAULT_LOG_FILE_DIRECTORY);
exit (0);
}
diff --git a/configure.ac b/configure.ac
index dec146e52..3f87a46a0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -523,6 +523,18 @@ GF_HOST_OS=""
GF_LDFLAGS="-rdynamic"
CFLAGS="-g"
+# check for gcc -Werror=format-security
+saved_CFLAGS=$CFLAGS
+CFLAGS="-Wformat -Werror=format-security"
+AC_MSG_CHECKING([whether $CC accepts -Werror=format-security])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [cc_werror_format_security=yes], [cc_werror_format_security=no])
+echo $cc_werror_format_security
+if test "x$cc_werror_format_security" = "xno"; then
+ CFLAGS="$saved_CFLAGS"
+else
+ CFLAGS="$saved_CFLAGS $CFLAGS"
+fi
+
case $host_os in
linux*)
dnl GF_LINUX_HOST_OS=1
diff --git a/xlators/mgmt/glusterd/src/glusterd-handler.c b/xlators/mgmt/glusterd/src/glusterd-handler.c
index fe85eb397..d4bdcd740 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handler.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handler.c
@@ -1070,7 +1070,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req)
snprintf (msg_str, sizeof (msg_str), "volumes are already "
"present in the cluster. Resetting uuid is not "
"allowed");
- gf_log (this->name, GF_LOG_WARNING, msg_str);
+ gf_log (this->name, GF_LOG_WARNING, "%s", msg_str);
goto out;
}
@@ -1079,7 +1079,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req)
snprintf (msg_str, sizeof (msg_str),"trusted storage pool "
"has been already formed. Please detach this peer "
"from the pool and reset its uuid.");
- gf_log (this->name, GF_LOG_WARNING, msg_str);
+ gf_log (this->name, GF_LOG_WARNING, "%s", msg_str);
goto out;
}
@@ -1089,7 +1089,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req)
if (!uuid_compare (uuid, MY_UUID)) {
snprintf (msg_str, sizeof (msg_str), "old uuid and the new uuid"
" are same. Try gluster peer reset again");
- gf_log (this->name, GF_LOG_ERROR, msg_str);
+ gf_log (this->name, GF_LOG_ERROR, "%s", msg_str);
ret = -1;
goto out;
}
diff --git a/xlators/mgmt/glusterd/src/glusterd-op-sm.c b/xlators/mgmt/glusterd/src/glusterd-op-sm.c
index 6ef0b21c5..69e6fad85 100644
--- a/xlators/mgmt/glusterd/src/glusterd-op-sm.c
+++ b/xlators/mgmt/glusterd/src/glusterd-op-sm.c
@@ -1431,7 +1431,7 @@ glusterd_op_set_volume (dict_t *dict)
if (ret) {
op_errstr = (op_errstr)? op_errstr:
"Volume set help internal error";
- gf_log (this->name, GF_LOG_ERROR, op_errstr);
+ gf_log (this->name, GF_LOG_ERROR, "%s", op_errstr);
}
goto out;
}
@@ -2678,7 +2678,7 @@ glusterd_op_ac_send_stage_op (glusterd_op_sm_event_t *event, void *ctx)
ret = glusterd_op_validate_quorum (this, op, dict, &op_errstr);
if (ret) {
- gf_log (this->name, GF_LOG_ERROR, op_errstr);
+ gf_log (this->name, GF_LOG_ERROR, "%s", op_errstr);
opinfo.op_errstr = op_errstr;
goto out;
}
diff --git a/xlators/mgmt/glusterd/src/glusterd-replace-brick.c b/xlators/mgmt/glusterd/src/glusterd-replace-brick.c
index 7e4d8c78b..c57be5196 100644
--- a/xlators/mgmt/glusterd/src/glusterd-replace-brick.c
+++ b/xlators/mgmt/glusterd/src/glusterd-replace-brick.c
@@ -321,7 +321,7 @@ glusterd_op_stage_replace_brick (dict_t *dict, char **op_errstr,
if (glusterd_is_rb_started (volinfo)) {
snprintf (msg, sizeof (msg), "Replace brick is already "
"started for volume");
- gf_log (this->name, GF_LOG_ERROR, msg);
+ gf_log (this->name, GF_LOG_ERROR, "%s", msg);
*op_errstr = gf_strdup (msg);
ret = -1;
goto out;
@@ -487,7 +487,7 @@ glusterd_op_stage_replace_brick (dict_t *dict, char **op_errstr,
if (ret) {
*op_errstr = gf_strdup (msg);
ret = -1;
- gf_log (this->name, GF_LOG_ERROR, *op_errstr);
+ gf_log (this->name, GF_LOG_ERROR, "%s", *op_errstr);
goto out;
}
diff --git a/xlators/storage/posix/src/posix-aio.c b/xlators/storage/posix/src/posix-aio.c
index f807618ce..fad4a7df3 100644
--- a/xlators/storage/posix/src/posix-aio.c
+++ b/xlators/storage/posix/src/posix-aio.c
@@ -566,7 +566,7 @@ __posix_fd_set_odirect (fd_t *fd, struct posix_fd *pfd, int opflags,
{
xlator_t *this = THIS;
gf_log (this->name, GF_LOG_INFO,
- "Linux AIO not availble at build-time."
+ "Linux AIO not available at build-time."
" Continuing with synchronous IO");
return;
}