On Oct 21, 2013, at 05:47, Sean Bruno <sean_bruno_at_yahoo.com> wrote: > There's an unchecked syslog call inside of libssp/ssp.c > > > /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23: > warning: format string is not a string literal (potentially insecure) > [-Wformat-security] > syslog (LOG_CRIT, msg1); > ^~~~ > 1 warning generated. > /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23: > warning: format string is not a string literal (potentially insecure) > [-Wformat-security] > syslog (LOG_CRIT, msg1); > > I propose the following change: > > Index: contrib/gcclibs/libssp/ssp.c > =================================================================== > --- contrib/gcclibs/libssp/ssp.c (revision 256712) > +++ contrib/gcclibs/libssp/ssp.c (working copy) > #ifdef HAVE_SYSLOG_H > /* Only send the error to syslog if there was no tty available. */ > else > - syslog (LOG_CRIT, msg3); > + syslog (LOG_CRIT, "%s", msg3); > #endif /* HAVE_SYSLOG_H */ > Heh, this is also still in upstream gcc. :-) It should not be a real security problem, as the fail() function is only ever called twice, with predictable const char arguments. But better safe than sorry, so LGTM. -Dimitry
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:43 UTC