Patchwork ubi-utils: fix warning in fprintf() code

Submitter Mike Frysinger
Date Jan. 12, 2009, 4:08 p.m.
Message ID <1231776487-21240-1-git-send-email-vapier@gentoo.org>
Permalink /patch/17967/
State Accepted, archived
Commit e95a99a2c5ffb5ae1bf0f69bc553f591e57815e2

Comments

Mike Frysinger - Jan. 12, 2009, 4:08 p.m.
When building with gcc security warnings enabled, the ubimirror.c code
triggers this warning:
./src/ubimirror.c: In function 'main':
./src/ubimirror.c:206: error: format not a string literal and no format arguments

Since the buffer in question should be a straight string anyways, avoid
ugly printf exploits by outputting the string indirectly:
	printf("%s", buffer)

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
 ubi-utils/src/ubimirror.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
Artem Bityutskiy - Jan. 13, 2009, 9:07 a.m.
On Mon, 2009-01-12 at 11:08 -0500, Mike Frysinger wrote:
> When building with gcc security warnings enabled, the ubimirror.c code
> triggers this warning:
> ./src/ubimirror.c: In function 'main':
> ./src/ubimirror.c:206: error: format not a string literal and no format arguments
> 
> Since the buffer in question should be a straight string anyways, avoid
> ugly printf exploits by outputting the string indirectly:
> 	printf("%s", buffer)
> 
> Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Both patches are applied, thank you!
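
The behaviour the commit message refers to, as an added example that is not part of the original thread or of the mtd-utils code: the same buffer rendered once as the format string and once as data behind a literal "%s". The function names and the sample string are constructed for illustration; snprintf() stands in for fprintf() so the result can be inspected in memory.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: an error text that happens to contain a printf
 * directive. "%%" is chosen because it consumes no argument, so even
 * the pre-patch call below has defined behaviour. */
static const char sample_err[] = "volume 100%% full\n";

/* Pre-patch pattern: the buffer itself is the format string, so every
 * '%' in it is interpreted. gcc -Wformat -Wformat-security reports
 * "format not a string literal and no format arguments" here. */
static int render_as_format(char *out, size_t n, const char *err_buf)
{
	return snprintf(out, n, err_buf);
}

/* Patched pattern: fixed literal format, buffer passed as data. */
static int render_as_data(char *out, size_t n, const char *err_buf)
{
	return snprintf(out, n, "%s", err_buf);
}

/* Returns 1 if the rendered text equals the buffer byte for byte,
 * 0 if rendering rewrote it (or failed or truncated). */
static int preserved(int (*render)(char *, size_t, const char *),
		     const char *err_buf)
{
	char out[128];
	int len = render(out, sizeof(out), err_buf);

	return len >= 0 && (size_t)len < sizeof(out) &&
	       strcmp(out, err_buf) == 0;
}

int main(void)
{
	printf("as format: preserved=%d\n",
	       preserved(render_as_format, sample_err));
	printf("as data:   preserved=%d\n",
	       preserved(render_as_data, sample_err));
	return 0;
}
```
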

Patch

diff --git a/ubi-utils/src/ubimirror.c b/ubi-utils/src/ubimirror.c
index 2cc4596..a20e1af 100644
--- a/ubi-utils/src/ubimirror.c
+++ b/ubi-utils/src/ubimirror.c
@@ -203,7 +203,7 @@  main(int argc, char **argv) {
 		       err_buf, sizeof(err_buf));
 	if( rc ){
 		err_buf[sizeof err_buf - 1] = '\0';
-		fprintf(stderr, err_buf);
+		fprintf(stderr, "%s", err_buf);
 		if( rc < 0 )
 			rc = -rc;
 	}
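
Review bot: on the added line, fputs(err_buf, stderr) would emit the preformatted buffer without going through format parsing at all; fprintf(stderr, "%s", err_buf) is correct, so this is a style suggestion only. The commit message quotes printf("%s", buffer) while the change is to fprintf(stderr, ...) with err_buf, and wording the message to match the code would make the commit easier to find later. The err_buf[sizeof err_buf - 1] = '\0' line just above remains necessary with "%s", since the read still stops only at the terminator.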