diff options
author | Edwin Plauchu <edwin.plauchu.camacho@intel.com> | 2016-05-17 14:25:35 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-05-19 08:39:27 +0100 |
commit | f03c1f41933e9997a01a8b1dcdf9fb18579de1d1 (patch) | |
tree | da949cde2f9a04bf0c921eaa977bb878ab963d9f /meta/recipes-extended/stat/stat-3.3 | |
parent | 074bf42d72ee2f5b155814eb24d52e06e2cebb9e (diff) | |
download | openembedded-core-f03c1f41933e9997a01a8b1dcdf9fb18579de1d1.tar.gz openembedded-core-f03c1f41933e9997a01a8b1dcdf9fb18579de1d1.tar.bz2 openembedded-core-f03c1f41933e9997a01a8b1dcdf9fb18579de1d1.zip |
stat: fix security issues
This patch avoids stat fails to compile with compiler flags which
elevate common string formatting issues into an error (-Wformat
-Wformat-security -Werror=format-security).
[YOCTO #9550]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/stat/stat-3.3')
-rw-r--r-- | meta/recipes-extended/stat/stat-3.3/fix-security-format.patch | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch new file mode 100644 index 0000000000..0c01ed0383 --- /dev/null +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch @@ -0,0 +1,68 @@ +stat: Fixing security formatting issues + +Fix security formatting issues related to printf without NULL argument + +stat.c: In function 'print_human_access': +stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security] + printf (access); + ^ +stat.c: In function 'print_human_time': +stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security] + if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str); + ^ +stat.c: In function 'print_it': +stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security] + printf(b); + ^ +stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security] + printf(b); + ^ + +[YOCTO #9550] +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550] + +Upstream-Status: Pending + +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> + +diff --git a/stat.c b/stat.c +index 1ed07a9..2be6f62 100644 +--- a/stat.c ++++ b/stat.c +@@ -289,15 +289,15 @@ void print_human_access(struct stat *statbuf) + default: + access[0] = '?'; + } +- printf (access); ++ fputs(access,stdout); + } + + void print_human_time(time_t *t) + { + char str[40]; + +- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str); +- else printf("Cannot calculate human readable time, sorry"); ++ if (strftime(str, 40, "%c", localtime(t)) > 0) fputs(str,stdout); ++ else fputs("Cannot calculate human readable time, sorry",stdout); + } + + /* print statfs info */ +@@ -610,7 +610,7 @@ void print_it(char *masterformat, char *filename, + { + strcpy (pformat, "%"); + *m++ = '\0'; +- printf(b); ++ fputs(b,stdout); + + /* copy all format specifiers to our format string */ + while (isdigit(*m) || strchr("#0-+. I", *m)) +@@ -639,7 +639,7 @@ void print_it(char *masterformat, char *filename, + } + else + { +- printf(b); ++ fputs(b,stdout); + b = NULL; + } + } |