From b9249c8f9f838c2a9c28e5c09fffddc9c8917df6 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Fri, 14 Dec 2012 10:48:46 +0100 Subject: Fix format security errors with hardening build flags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These problems were found while building with the hardening options used by Debian. In order to prevent introducing new unsafe constructs, the options -Wformat" and -Werror=format-security are addeded to the CFLAGS by configure.ac if the compiler supports them. Also, a small spelling fix in posix-aio.c is included. Change-Id: I1034311644fa3c21bc5a7b842c41a3ca79108b3f BUG: 887278 Original-author: Patrick Matthäi Signed-off-by: Niels de Vos Reviewed-on: http://review.gluster.org/4311 Tested-by: Gluster Build System Reviewed-by: Kaleb KEITHLEY Reviewed-by: Anand Avati --- cli/src/cli.c | 4 ++-- configure.ac | 12 ++++++++++++ xlators/mgmt/glusterd/src/glusterd-handler.c | 6 +++--- xlators/mgmt/glusterd/src/glusterd-op-sm.c | 4 ++-- xlators/mgmt/glusterd/src/glusterd-replace-brick.c | 4 ++-- xlators/storage/posix/src/posix-aio.c | 2 +- 6 files changed, 22 insertions(+), 10 deletions(-) diff --git a/cli/src/cli.c b/cli/src/cli.c index a2457c2b6..4ff172805 100644 --- a/cli/src/cli.c +++ b/cli/src/cli.c @@ -298,12 +298,12 @@ cli_opt_parse (char *opt, struct cli_state *state) return 1; if (strcmp (opt, "version") == 0) { - cli_out (argp_program_version); + cli_out ("%s", argp_program_version); exit (0); } if (strcmp (opt, "print-logdir") == 0) { - cli_out (DEFAULT_LOG_FILE_DIRECTORY); + cli_out ("%s", DEFAULT_LOG_FILE_DIRECTORY); exit (0); } diff --git a/configure.ac b/configure.ac index dec146e52..3f87a46a0 100644 --- a/configure.ac +++ b/configure.ac @@ -523,6 +523,18 @@ GF_HOST_OS="" GF_LDFLAGS="-rdynamic" CFLAGS="-g" +# check for gcc -Werror=format-security +saved_CFLAGS=$CFLAGS +CFLAGS="-Wformat -Werror=format-security" +AC_MSG_CHECKING([whether $CC accepts -Werror=format-security]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [cc_werror_format_security=yes], [cc_werror_format_security=no]) +echo $cc_werror_format_security +if test "x$cc_werror_format_security" = "xno"; then + CFLAGS="$saved_CFLAGS" +else + CFLAGS="$saved_CFLAGS $CFLAGS" +fi + case $host_os in linux*) dnl GF_LINUX_HOST_OS=1 diff --git a/xlators/mgmt/glusterd/src/glusterd-handler.c b/xlators/mgmt/glusterd/src/glusterd-handler.c index fe85eb397..d4bdcd740 100644 --- a/xlators/mgmt/glusterd/src/glusterd-handler.c +++ b/xlators/mgmt/glusterd/src/glusterd-handler.c @@ -1070,7 +1070,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req) snprintf (msg_str, sizeof (msg_str), "volumes are already " "present in the cluster. Resetting uuid is not " "allowed"); - gf_log (this->name, GF_LOG_WARNING, msg_str); + gf_log (this->name, GF_LOG_WARNING, "%s", msg_str); goto out; } @@ -1079,7 +1079,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req) snprintf (msg_str, sizeof (msg_str),"trusted storage pool " "has been already formed. Please detach this peer " "from the pool and reset its uuid."); - gf_log (this->name, GF_LOG_WARNING, msg_str); + gf_log (this->name, GF_LOG_WARNING, "%s", msg_str); goto out; } @@ -1089,7 +1089,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req) if (!uuid_compare (uuid, MY_UUID)) { snprintf (msg_str, sizeof (msg_str), "old uuid and the new uuid" " are same. Try gluster peer reset again"); - gf_log (this->name, GF_LOG_ERROR, msg_str); + gf_log (this->name, GF_LOG_ERROR, "%s", msg_str); ret = -1; goto out; } diff --git a/xlators/mgmt/glusterd/src/glusterd-op-sm.c b/xlators/mgmt/glusterd/src/glusterd-op-sm.c index 6ef0b21c5..69e6fad85 100644 --- a/xlators/mgmt/glusterd/src/glusterd-op-sm.c +++ b/xlators/mgmt/glusterd/src/glusterd-op-sm.c @@ -1431,7 +1431,7 @@ glusterd_op_set_volume (dict_t *dict) if (ret) { op_errstr = (op_errstr)? op_errstr: "Volume set help internal error"; - gf_log (this->name, GF_LOG_ERROR, op_errstr); + gf_log (this->name, GF_LOG_ERROR, "%s", op_errstr); } goto out; } @@ -2678,7 +2678,7 @@ glusterd_op_ac_send_stage_op (glusterd_op_sm_event_t *event, void *ctx) ret = glusterd_op_validate_quorum (this, op, dict, &op_errstr); if (ret) { - gf_log (this->name, GF_LOG_ERROR, op_errstr); + gf_log (this->name, GF_LOG_ERROR, "%s", op_errstr); opinfo.op_errstr = op_errstr; goto out; } diff --git a/xlators/mgmt/glusterd/src/glusterd-replace-brick.c b/xlators/mgmt/glusterd/src/glusterd-replace-brick.c index 7e4d8c78b..c57be5196 100644 --- a/xlators/mgmt/glusterd/src/glusterd-replace-brick.c +++ b/xlators/mgmt/glusterd/src/glusterd-replace-brick.c @@ -321,7 +321,7 @@ glusterd_op_stage_replace_brick (dict_t *dict, char **op_errstr, if (glusterd_is_rb_started (volinfo)) { snprintf (msg, sizeof (msg), "Replace brick is already " "started for volume"); - gf_log (this->name, GF_LOG_ERROR, msg); + gf_log (this->name, GF_LOG_ERROR, "%s", msg); *op_errstr = gf_strdup (msg); ret = -1; goto out; @@ -487,7 +487,7 @@ glusterd_op_stage_replace_brick (dict_t *dict, char **op_errstr, if (ret) { *op_errstr = gf_strdup (msg); ret = -1; - gf_log (this->name, GF_LOG_ERROR, *op_errstr); + gf_log (this->name, GF_LOG_ERROR, "%s", *op_errstr); goto out; } diff --git a/xlators/storage/posix/src/posix-aio.c b/xlators/storage/posix/src/posix-aio.c index f807618ce..fad4a7df3 100644 --- a/xlators/storage/posix/src/posix-aio.c +++ b/xlators/storage/posix/src/posix-aio.c @@ -566,7 +566,7 @@ __posix_fd_set_odirect (fd_t *fd, struct posix_fd *pfd, int opflags, { xlator_t *this = THIS; gf_log (this->name, GF_LOG_INFO, - "Linux AIO not availble at build-time." + "Linux AIO not available at build-time." " Continuing with synchronous IO"); return; } -- cgit