contrib/gcclibs/libssp security warning
Sean Bruno
sean_bruno at yahoo.com
Mon Oct 21 03:50:47 UTC 2013
There's an unchecked syslog call inside of libssp/ssp.c
/usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23:
warning: format string is not a string literal (potentially insecure)
[-Wformat-security]
syslog (LOG_CRIT, msg1);
^~~~
1 warning generated.
I propose the following change:
Index: contrib/gcclibs/libssp/ssp.c
===================================================================
--- contrib/gcclibs/libssp/ssp.c (revision 256712)
+++ contrib/gcclibs/libssp/ssp.c (working copy)
#ifdef HAVE_SYSLOG_H
/* Only send the error to syslog if there was no tty available. */
else
- syslog (LOG_CRIT, msg3);
+ syslog (LOG_CRIT, "%s", msg3);
#endif /* HAVE_SYSLOG_H */
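Review bot: the hunk changes the `syslog (LOG_CRIT, msg3);` call, but the warning quoted above is for ssp.c:137 and shows `syslog (LOG_CRIT, msg1);`, so either the line numbers differ between the quoted build and the working copy or this is a different call site; please confirm the flagged call is the one being patched and give every `syslog` call in ssp.c whose format argument is a variable the same `"%s"` treatment, otherwise clang will keep emitting -Wformat-security for the remaining one. The `"%s"` form is the right fix regardless of where msg3 comes from: if the string ever contains a `%` sequence, passing it as the format would make syslog parse it (and read or write through missing varargs), while `"%s"` logs it verbatim at no extra cost.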
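The difference between the flagged call and the proposed `"%s"` form, as an added example that is not part of Sean Bruno's message and not code from libssp/ssp.c or FreeBSD. It uses vsnprintf/snprintf as a stand-in for syslog's own printf-style formatting so the result lands in a buffer that can be inspected (an assumption for the demo; syslog(3) formats the same way but writes to the log). The message text is constructed, and it carries only a `%%` sequence on purpose: that is the one conversion whose effect is well defined with no extra arguments, whereas a `%s` or `%n` in a message used as the format would read or write through missing varargs, which is the actual undefined-behaviour hazard the warning is about.

```c
/* Added example: why syslog(LOG_CRIT, msg) and syslog(LOG_CRIT, "%s", msg)
 * are not equivalent. Not from libssp/ssp.c; vsnprintf stands in for
 * syslog's internal formatting so the output can be checked in a buffer. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 128

/* Vulnerable pattern: the message itself is the format string, as in the
 * unpatched 'syslog (LOG_CRIT, msg3)'. Every '%' in msg is parsed, and any
 * conversion other than '%%' would consume arguments that were never
 * passed (undefined behaviour; '%n' would even write to memory). */
static int log_as_format(char *out, size_t outlen, const char *msg, ...)
{
    va_list ap;
    va_start(ap, msg);
    int n = vsnprintf(out, outlen, msg, ap);
    va_end(ap);
    return n;
}

/* Fixed pattern from the patch: a literal "%s" format, msg is data only. */
static int log_as_string(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

/* Constructed sample message (hypothetical, not an ssp.c string) that
 * happens to contain a percent sign, written as '%%' so the vulnerable
 * path stays within defined behaviour for the demo. */
const char sample_msg[] = "*** stack smashing detected in prog%%name ***";

/* Render msg the vulnerable way into a static buffer and return it. */
const char *render_as_format(const char *msg)
{
    static char buf[LOG_BUF];
    log_as_format(buf, sizeof buf, msg);
    return buf;
}

/* Render msg the fixed way into a static buffer and return it. */
const char *render_as_string(const char *msg)
{
    static char buf[LOG_BUF];
    log_as_string(buf, sizeof buf, msg);
    return buf;
}

/* 1 if both logging paths produce identical text for msg, else 0.
 * They only agree when msg contains no '%' at all. */
int formats_agree(const char *msg)
{
    char a[LOG_BUF], b[LOG_BUF];
    log_as_format(a, sizeof a, msg);
    log_as_string(b, sizeof b, msg);
    return strcmp(a, b) == 0;
}

/* 1 if msg contains a '%' and is therefore unsafe to use as a format. */
int contains_percent(const char *msg)
{
    return strchr(msg, '%') != NULL;
}

int main(void)
{
    printf("as format: %s\n", render_as_format(sample_msg));
    printf("as string: %s\n", render_as_string(sample_msg));
    printf("agree: %d, contains %%: %d\n",
           formats_agree(sample_msg), contains_percent(sample_msg));
    return 0;
}
```

Run it and the vulnerable path prints `prog%name` while the `"%s"` path preserves `prog%%name` exactly; the same one-character change is what turns a crash or memory write into a harmless log line once the message contains `%s` or `%n`. The `-Wformat-security` warning fires on literal-ness, not on content, which is why the right response is always the `"%s"` form rather than auditing the message text.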