contrib/gcclibs/libssp security warning

Sean Bruno sean_bruno at yahoo.com
Mon Oct 21 23:07:52 UTC 2013


On Mon, 2013-10-21 at 08:44 +0200, Dimitry Andric wrote:
> On Oct 21, 2013, at 05:47, Sean Bruno <sean_bruno at yahoo.com> wrote:
> > There's an unchecked syslog call inside of libssp/ssp.c 
> > 
> > 
> > /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23:
> > warning: format string is not a string literal (potentially insecure)
> >      [-Wformat-security]
> >    syslog (LOG_CRIT, msg1);
> >                      ^~~~
> > 1 warning generated.
> > /usr/src/gnu/lib/libssp/../../../contrib/gcclibs/libssp/ssp.c:137:23:
> > warning: format string is not a string literal (potentially insecure)
> >      [-Wformat-security]
> >    syslog (LOG_CRIT, msg1);
> > 
> > I propose the following change:
> > 
> > Index: contrib/gcclibs/libssp/ssp.c
> > ===================================================================
> > --- contrib/gcclibs/libssp/ssp.c        (revision 256712)
> > +++ contrib/gcclibs/libssp/ssp.c        (working copy)
> > #ifdef HAVE_SYSLOG_H
> >   /* Only send the error to syslog if there was no tty available.  */
> >   else
> > -    syslog (LOG_CRIT, msg3);
> > +    syslog (LOG_CRIT, "%s", msg3);
> > #endif /* HAVE_SYSLOG_H */
> > 
> 
> 
> Heh, this is also still in upstream gcc. :-)  It should not be a real
> security problem, as the fail() function is only ever called twice, with
> predictable const char arguments.  But better safe than sorry, so LGTM.
> 
> -Dimitry
> 


done at svn r256866

sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20131021/f22d3d7f/attachment.sig>


More information about the freebsd-current mailing list