Home Esplora Aiuto
Registrati Accedi
Apq
/
389-ds-base
mirror da https://github.com/389ds/389-ds-base.git
1
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

Ticket 47968 - Fix for format string in syslog.

Bug Description:  There is a format string error in log.c's usage of syslog (3).
This was detected in the RPM build which applies different settings.

Fix Description:  Fix the format string to be safe. Add the format string check
to the gcc-security check so that we can test for this.

https://fedorahosted.org/389/ticket/47968

Author: wibrown

Review by: One line rule.
William Brown 9 anni fa
parent
7cf83ac9d3
commit
be8c06333c
3 ha cambiato i file con 6 aggiunte e 6 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 2 2
      configure
  2. 2 2
      configure.ac
  3. 2 2
      ldap/servers/slapd/log.c

+ 2 - 2
configure
Vedi File 

@@ -17737,9 +17737,9 @@ if test "${enable_gcc_security+set}" = set; then :
 
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 
 $as_echo "yes" >&6; }
 
   if test -z "$RPM_HARDEND_CC_TRUE"; then :
 
-   gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 "
 
+   gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 "
 
 else
 
-   gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches"
 
+   gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security"
 
 
 fi

+ 2 - 2
configure.ac
Vedi File 

@@ -95,8 +95,8 @@ AC_ARG_ENABLE(gcc-security, AS_HELP_STRING([--enable-gcc-security], [Enable gcc
 
 [
 
   AC_MSG_RESULT(yes)
 
   AM_COND_IF([RPM_HARDEND_CC],
 
-  [ gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 " ],
 
-  [ gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches" ]
 
+  [ gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 " ],
 
+  [ gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security" ]
 
   )
 
 ],
 
 [

+ 2 - 2
ldap/servers/slapd/log.c
Vedi File 

@@ -1981,7 +1981,7 @@ slapd_log_audit (
 
     }
 
     if (lbackend & LOGGING_BACKEND_SYSLOG) {
 
         /* This returns void, so we hope it worked */
 
-        syslog(LOG_NOTICE, buffer);
 
+        syslog(LOG_NOTICE, "%s", buffer);
 
     }
 
 #ifdef WITH_SYSTEMD
 
     if (lbackend & LOGGING_BACKEND_JOURNALD) {
 
@@ -2040,7 +2040,7 @@ slapd_log_auditfail (
 
     }
 
     if (lbackend & LOGGING_BACKEND_SYSLOG) {
 
         /* This returns void, so we hope it worked */
 
-        syslog(LOG_NOTICE, buffer);
 
+        syslog(LOG_NOTICE, "%s", buffer);
 
     }
 
 #ifdef WITH_SYSTEMD
 
     if (lbackend & LOGGING_BACKEND_JOURNALD) {