compiler: -Wformat=2 hardening

Enable -Wformat plus additional format checks. Currently equivalent to -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
parent 42a2ab35
...@@ -709,6 +709,8 @@ AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werro ...@@ -709,6 +709,8 @@ AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werro
AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest-attribute=noreturn"],,[-Werror]) AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest-attribute=noreturn"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=return-type], [CFLAGS="$CFLAGS -Werror=return-type"],,[-Werror]) AX_CHECK_COMPILE_FLAG([-Werror=return-type], [CFLAGS="$CFLAGS -Werror=return-type"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=incompatible-pointer-types], [CFLAGS="$CFLAGS -Werror=incompatible-pointer-types"],,[-Werror]) AX_CHECK_COMPILE_FLAG([-Werror=incompatible-pointer-types], [CFLAGS="$CFLAGS -Werror=incompatible-pointer-types"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wformat=2], [CFLAGS="$CFLAGS -Wformat=2"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wshadow], [CFLAGS="$CFLAGS -Wshadow"],,[-Werror])
AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[]) AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[]) AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
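Review bot: The two link checks directly below the added lines append to `LDLAGS`, not `LDFLAGS`, so unless that spelling is picked up somewhere outside this section, `-z relro` and `-z now` never reach the linker and the hardening is silently absent. The lines should read `AX_CHECK_LINK_FLAG([-z relro], [LDFLAGS="$LDFLAGS -z relro"],,[])` and likewise for `-z now`. The commit also adds `-Wshadow`, which the title and description do not mention; either note it in the message or split it into its own commit.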
......
...@@ -388,7 +388,7 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf, ...@@ -388,7 +388,7 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf,
goto err; goto err;
while (getmntent_r(mnts, &mntent, buf, sizeof(buf))) { while (getmntent_r(mnts, &mntent, buf, sizeof(buf))) {
char *fmt, *key, *val, *mntdata; char *mntdata;
char arg[2 * PATH_MAX + 2]; char arg[2 * PATH_MAX + 2];
unsigned long flags; unsigned long flags;
...@@ -401,17 +401,12 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf, ...@@ -401,17 +401,12 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf,
if (!(flags & MS_BIND)) if (!(flags & MS_BIND))
continue; continue;
if (strcmp(opts->action, "dump") == 0) { if (strcmp(opts->action, "dump") == 0)
fmt = "/%s:%s"; ret = snprintf(arg, sizeof(arg), "/%s:%s",
key = mntent.mnt_dir; mntent.mnt_dir, mntent.mnt_dir);
val = mntent.mnt_dir; else
} else { ret = snprintf(arg, sizeof(arg), "%s:%s",
fmt = "%s:%s"; mntent.mnt_dir, mntent.mnt_fsname);
key = mntent.mnt_dir;
val = mntent.mnt_fsname;
}
ret = snprintf(arg, sizeof(arg), fmt, key, val);
if (ret < 0 || ret >= sizeof(arg)) { if (ret < 0 || ret >= sizeof(arg)) {
fclose(mnts); fclose(mnts);
ERROR("snprintf failed"); ERROR("snprintf failed");
...@@ -547,7 +542,6 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf, ...@@ -547,7 +542,6 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf,
lxc_list_for_each(it, &opts->c->lxc_conf->network) { lxc_list_for_each(it, &opts->c->lxc_conf->network) {
size_t retlen; size_t retlen;
char eth[128], *veth; char eth[128], *veth;
char *fmt;
struct lxc_netdev *n = it->elem; struct lxc_netdev *n = it->elem;
bool external_not_veth; bool external_not_veth;
...@@ -579,18 +573,23 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf, ...@@ -579,18 +573,23 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf,
if (n->link[0] != '\0') { if (n->link[0] != '\0') {
if (external_not_veth) if (external_not_veth)
fmt = "veth[%s]:%s@%s"; ret = snprintf(buf, sizeof(buf),
"veth[%s]:%s@%s",
eth, veth,
n->link);
else else
fmt = "%s=%s@%s"; ret = snprintf(buf, sizeof(buf),
"%s=%s@%s", eth,
ret = snprintf(buf, sizeof(buf), fmt, eth, veth, n->link); veth, n->link);
} else { } else {
if (external_not_veth) if (external_not_veth)
fmt = "veth[%s]:%s"; ret = snprintf(buf, sizeof(buf),
"veth[%s]:%s",
eth, veth);
else else
fmt = "%s=%s"; ret = snprintf(buf, sizeof(buf),
"%s=%s", eth,
ret = snprintf(buf, sizeof(buf), fmt, eth, veth); veth);
} }
if (ret < 0 || ret >= sizeof(buf)) if (ret < 0 || ret >= sizeof(buf))
goto err; goto err;
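Review bot: Both bounds checks after the rewritten snprintf() calls compare the signed `ret` with a `size_t` (`ret >= sizeof(arg)` in the mount loop, `ret >= sizeof(buf)` in the network loop), while the other files touched by this commit cast first. The `ret < 0` test runs first, so the result is correct, but writing `if (ret < 0 || (size_t)ret >= sizeof(arg))` keeps the truncation check explicit and quiet under -Wsign-compare. exec_criu's body starts and ends outside these hunks.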
......
...@@ -122,14 +122,20 @@ static char *lxc_log_get_va_msg(struct lxc_log_event *event) ...@@ -122,14 +122,20 @@ static char *lxc_log_get_va_msg(struct lxc_log_event *event)
return NULL; return NULL;
va_copy(args, *event->vap); va_copy(args, *event->vap);
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
len = vsnprintf(NULL, 0, event->fmt, args) + 1; len = vsnprintf(NULL, 0, event->fmt, args) + 1;
#pragma GCC diagnostic pop
va_end(args); va_end(args);
msg = malloc(len * sizeof(char)); msg = malloc(len * sizeof(char));
if (!msg) if (!msg)
return NULL; return NULL;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
rc = vsnprintf(msg, len, event->fmt, *event->vap); rc = vsnprintf(msg, len, event->fmt, *event->vap);
#pragma GCC diagnostic pop
if (rc == -1 || rc >= len) { if (rc == -1 || rc >= len) {
free(msg); free(msg);
return NULL; return NULL;
...@@ -183,7 +189,10 @@ static int log_append_stderr(const struct lxc_log_appender *appender, ...@@ -183,7 +189,10 @@ static int log_append_stderr(const struct lxc_log_appender *appender,
log_container_name ? ": " : ""); log_container_name ? ": " : "");
fprintf(stderr, "%s: %s: %d ", event->locinfo->file, fprintf(stderr, "%s: %s: %d ", event->locinfo->file,
event->locinfo->func, event->locinfo->line); event->locinfo->func, event->locinfo->line);
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
vfprintf(stderr, event->fmt, *event->vap); vfprintf(stderr, event->fmt, *event->vap);
#pragma GCC diagnostic pop
fprintf(stderr, "\n"); fprintf(stderr, "\n");
return 0; return 0;
...@@ -349,7 +358,10 @@ static int log_append_logfile(const struct lxc_log_appender *appender, ...@@ -349,7 +358,10 @@ static int log_append_logfile(const struct lxc_log_appender *appender,
return n; return n;
if ((size_t)n < STRARRAYLEN(buffer)) { if ((size_t)n < STRARRAYLEN(buffer)) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
ret = vsnprintf(buffer + n, sizeof(buffer) - n, event->fmt, *event->vap); ret = vsnprintf(buffer + n, sizeof(buffer) - n, event->fmt, *event->vap);
#pragma GCC diagnostic pop
if (ret < 0) if (ret < 0)
return 0; return 0;
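Review bot: The four `-Wformat-nonliteral` suppressions around `event->fmt` carry no explanation of why that format string is trusted, which is what a later reader auditing format-string handling needs to know. A comment at each site such as `/* event->fmt comes from the logging macros, whose callers are format-checked */` would record that, assuming the logging entry points are declared with a printf format attribute, which is not visible here. Since the same push/ignore/pop triple is repeated in lxc_log_get_va_msg (twice), log_append_stderr and log_append_logfile, a pair of small macros would keep each suppressed region to the single call and the rationale in one place. All three functions extend beyond the hunks shown.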
......
...@@ -297,8 +297,11 @@ static void mysyslog(int err, const char *format, ...) ...@@ -297,8 +297,11 @@ static void mysyslog(int err, const char *format, ...)
va_list args; va_list args;
va_start(args, format); va_start(args, format);
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
openlog("PAM-CGFS", LOG_CONS | LOG_PID, LOG_AUTH); openlog("PAM-CGFS", LOG_CONS | LOG_PID, LOG_AUTH);
vsyslog(err, format, args); vsyslog(err, format, args);
#pragma GCC diagnostic pop
va_end(args); va_end(args);
closelog(); closelog();
} }
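Review bot: The suppressed region in mysyslog starts before `openlog()` although only `vsyslog(err, format, args)` takes a non-literal format, so the push should move down to sit directly above that call. A stronger alternative is to declare the function with `__attribute__((format(printf, 2, 3)))`: callers' arguments then get checked, and clang no longer reports the forwarded `format` parameter as non-literal, which would make the pragma unnecessary. Only the definition line is visible in the hunk header, so a prototype elsewhere in the file may already carry that attribute.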
......
...@@ -264,6 +264,7 @@ int lvm_umount(struct lxc_storage *bdev) ...@@ -264,6 +264,7 @@ int lvm_umount(struct lxc_storage *bdev)
return umount(bdev->dest); return umount(bdev->dest);
} }
#define __LVSCMD "lvs --unbuffered --noheadings -o lv_attr %s 2>/dev/null"
int lvm_compare_lv_attr(const char *path, int pos, const char expected) int lvm_compare_lv_attr(const char *path, int pos, const char expected)
{ {
struct lxc_popen_FILE *f; struct lxc_popen_FILE *f;
...@@ -272,12 +273,11 @@ int lvm_compare_lv_attr(const char *path, int pos, const char expected) ...@@ -272,12 +273,11 @@ int lvm_compare_lv_attr(const char *path, int pos, const char expected)
char *cmd; char *cmd;
char output[12]; char output[12];
int start = 0; int start = 0;
const char *lvscmd = "lvs --unbuffered --noheadings -o lv_attr %s 2>/dev/null";
len = strlen(lvscmd) + strlen(path) + 1; len = strlen(__LVSCMD) + strlen(path) + 1;
cmd = alloca(len); cmd = alloca(len);
ret = snprintf(cmd, len, lvscmd, path); ret = snprintf(cmd, len, __LVSCMD, path);
if (ret < 0 || (size_t)ret >= len) if (ret < 0 || (size_t)ret >= len)
return -1; return -1;
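Review bot: `path` is substituted unquoted into the `lvs ... %s 2>/dev/null` template, and the redirection suggests the resulting string is handed to a shell. The call that runs `cmd` is outside the hunk, so this needs confirming, but if so `path` must be validated or passed as its own argv element rather than spliced into a command line. Separately, the new macro name `__LVSCMD` begins with two underscores, which is reserved for the implementation; a name such as `LVS_ATTR_CMD_FMT` (illustrative), followed by `#undef` after the function, would avoid that and keep it local. lvm_compare_lv_attr continues past the last line shown.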
......
...@@ -295,19 +295,22 @@ char *lxc_append_paths(const char *first, const char *second) ...@@ -295,19 +295,22 @@ char *lxc_append_paths(const char *first, const char *second)
int ret; int ret;
size_t len; size_t len;
char *result = NULL; char *result = NULL;
const char *pattern = "%s%s"; int pattern_type = 0;
len = strlen(first) + strlen(second) + 1; len = strlen(first) + strlen(second) + 1;
if (second[0] != '/') { if (second[0] != '/') {
len += 1; len += 1;
pattern = "%s/%s"; pattern_type = 1;
} }
result = calloc(1, len); result = calloc(1, len);
if (!result) if (!result)
return NULL; return NULL;
ret = snprintf(result, len, pattern, first, second); if (pattern_type == 0)
ret = snprintf(result, len, "%s%s", first, second);
else
ret = snprintf(result, len, "%s/%s", first, second);
if (ret < 0 || (size_t)ret >= len) { if (ret < 0 || (size_t)ret >= len) {
free(result); free(result);
return NULL; return NULL;
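Review bot: The `pattern_type` integer in lxc_append_paths exists only to pick between two literals and can be dropped by folding the separator into the arguments: `ret = snprintf(result, len, "%s%s%s", first, second[0] != '/' ? "/" : "", second);`. That leaves a single literal format for -Wformat=2 to check and removes the second branch, while the existing `len += 1` adjustment stays as it is. The function begins and ends outside the hunk.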
......