configure | 4 ++-- configure.ac | 4 ++-- ldap/servers/slapd/log.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-)
New commits: commit be8c06333c2ad39e4cfe18a95b967dc9331efef3 Author: William Brown firstyear@redhat.com Date: Tue Jan 19 12:43:13 2016 +1000
Ticket 47968 - Fix for format string in syslog.
Bug Description: There is a format string error in log.c's usage of syslog (3). This was detected in the RPM build which applies different settings.
Fix Description: Fix the format string to be safe. Add the format string check to the gcc-security check so that we can test for this.
https://fedorahosted.org/389/ticket/47968
Author: wibrown
Review by: One line rule.
diff --git a/configure b/configure index c266be0..0fa6772 100755 --- a/configure +++ b/configure @@ -17737,9 +17737,9 @@ if test "${enable_gcc_security+set}" = set; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } if test -z "$RPM_HARDEND_CC_TRUE"; then : - gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 " + gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 " else - gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches" + gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security"
fi
diff --git a/configure.ac b/configure.ac
index d5045ef..7f93b6a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -95,8 +95,8 @@ AC_ARG_ENABLE(gcc-security, AS_HELP_STRING([--enable-gcc-security], [Enable gcc
 [
 AC_MSG_RESULT(yes)
 AM_COND_IF([RPM_HARDEND_CC],
- [ gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 " ],
- [ gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches" ]
+ [ gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 " ],
+ [ gccsec_defs="-Wall -Wp,-D_FORITY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -Werror=format-security" ]
 )
 ],
 [
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index a8ab969..07bc762 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -1981,7 +1981,7 @@ slapd_log_audit (
 }
 if (lbackend & LOGGING_BACKEND_SYSLOG) {
 /* This returns void, so we hope it worked */
- syslog(LOG_NOTICE, buffer);
+ syslog(LOG_NOTICE, "%s", buffer);
 }
 #ifdef WITH_SYSTEMD
 if (lbackend & LOGGING_BACKEND_JOURNALD) {
@@ -2040,7 +2040,7 @@ slapd_log_auditfail (
 }
 if (lbackend & LOGGING_BACKEND_SYSLOG) {
 /* This returns void, so we hope it worked */
- syslog(LOG_NOTICE, buffer);
+ syslog(LOG_NOTICE, "%s", buffer);
 }
 #ifdef WITH_SYSTEMD
 if (lbackend & LOGGING_BACKEND_JOURNALD) {
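Review bot: Both new `gccsec_defs` strings in the configure.ac hunk still spell the fortify macro as `-Wp,-D_FORITY_SOURCE=2`, so this option set defines a name the libc headers never test and does not itself turn on the fortified checks; it should read `-Wp,-D_FORTIFY_SOURCE=2`. The same spelling sits in the two changed lines of the generated configure hunk and will follow once configure is regenerated. The hardened RPM build may get the correct define from the specs file or from its own CFLAGS, which would explain why this went unnoticed, but a plain `--enable-gcc-security` build presumably does not. _FORTIFY_SOURCE also only takes effect when optimisation is enabled, so it is worth confirming that an -O level reaches the compiler alongside these flags.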
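Review bot: Neither call site records why the literal `"%s"` has to stay, and the only guard against a later cleanup folding it back into `syslog(LOG_NOTICE, buffer)` is `-Werror=format-security`, which this commit adds to the opt-in gcc-security flags only. In slapd_log_audit I would extend the existing comment to `/* buffer is audit data and may contain '%'; pass it as an argument, never as the format */`, and do the same in slapd_log_auditfail. The WITH_SYSTEMD branch that opens on the last lines of both hunks is cut off here; if it hands `buffer` to a printf-style journal call, it should be checked for the same pattern. Both function bodies start and end outside the hunks.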
389-commits@lists.fedoraproject.org