[Pkg-privacy-commits] [irssi-plugin-otr] 145/267: Add security CFLAGS enabled by default

Sat Aug 22 12:41:37 UTC 2015

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch debian
in repository irssi-plugin-otr.

commit e005cdd4c0a5e1c43a60366d92769cb30fd0b87e
Author: David Goulet <dgoulet at ev0ke.net>
Date:   Fri Nov 16 18:10:35 2012 -0500

    Add security CFLAGS enabled by default
    
    Fix warnings created by the new flags.
    
    Signed-off-by: David Goulet <dgoulet at ev0ke.net>
---
 configure.ac |  2 +-
 src/key.c    | 21 +++++++++++++++++----
 src/otr.c    |  6 +++++-
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index f18ddea..09cde72 100644
--- a/configure.ac
+++ b/configure.ac
@@ -39,7 +39,7 @@ AC_SUBST(PACKAGE_CFLAGS)
 
 LT_INIT
 
-CFLAGS="-Wall $CFLAGS -g -fno-strict-aliasing"
+CFLAGS="-Wall $CFLAGS -g -fno-strict-aliasing -fstack-protector-all -D_FORTIFY_SOURCE=2 -O1 -Wl,-z,relro,-z,now -fPIE -pie"
 
 DEFAULT_INCLUDES="-I\$(top_srcdir) -I\$(top_builddir) -I\$(top_builddir)/src -I\$(top_builddir)/include"
 
diff --git a/src/key.c b/src/key.c
index 24dbe7c..8b8d960 100644
--- a/src/key.c
+++ b/src/key.c
@@ -43,14 +43,18 @@ static struct {
 
 static char *file_path_build(const char *path)
 {
-	char *filename = NULL;
+	int ret;
+	char *filename;
 
 	if (!path) {
 		path = "";
 	}
 
 	/* Either NULL or the filename is returned here which is valid. */
-	(void) asprintf(&filename, "%s%s", get_client_config_dir(), path);
+	ret = asprintf(&filename, "%s%s", get_client_config_dir(), path);
+	if (ret < 0) {
+		filename = NULL;
+	}
 
 	return filename;
 }
@@ -110,12 +114,17 @@ end:
 static gboolean keygen_complete(GIOChannel *source, GIOCondition condition,
 		gpointer data)
 {
+	int ret;
 	gcry_error_t err;
 	const char *clconfdir = get_client_config_dir();
 	char *filename = g_strconcat(clconfdir, OTR_KEYFILE, NULL);
 	char *tmpfilename = g_strconcat(clconfdir, OTR_TMP_KEYFILE, NULL);
 
-	read(g_io_channel_unix_get_fd(kg_st.ch[0]), &err, sizeof(err));
+	ret = read(g_io_channel_unix_get_fd(kg_st.ch[0]), &err, sizeof(err));
+	if (ret < 0) {
+		IRSSI_INFO(NULL, NULL, "Unable to read on key gen IO channel.");
+		goto error;
+	}
 
 	g_source_remove(kg_st.cpid);
 	g_io_channel_shutdown(kg_st.ch[0], FALSE, NULL);
@@ -145,6 +154,7 @@ static gboolean keygen_complete(GIOChannel *source, GIOCondition condition,
 	g_free(filename);
 	g_free(tmpfilename);
 
+error:
 	return FALSE;
 }
 
@@ -229,7 +239,10 @@ void key_generation_run(struct otr_user_state *ustate, const char *accname)
 
 	err = otrl_privkey_generate(ustate->otr_state, filename, accname,
 			OTR_PROTOCOL_ID);
-	(void) write(fds[1], &err, sizeof(err));
+	ret = write(fds[1], &err, sizeof(err));
+	if (ret != sizeof(err) || ret < 0) {
+		IRSSI_INFO(NULL, NULL, "Unable to write to pipe at key gen.");
+	}
 
 	g_free(filename);
 
diff --git a/src/otr.c b/src/otr.c
index 24fa635..50f978f 100644
--- a/src/otr.c
+++ b/src/otr.c
@@ -50,13 +50,17 @@ GRegex *regex_policies;
 
 static char *create_account_name(SERVER_REC *irssi)
 {
+	int ret;
 	char *accname = NULL;
 
 	assert(irssi);
 
 	/* Valid or NULL, the caller should handle this */
-	(void) asprintf(&accname, "%s@%s", IRSSI_NICK(irssi),
+	ret = asprintf(&accname, "%s@%s", IRSSI_NICK(irssi),
 			IRSSI_CONN_ADDR(irssi));
+	if (ret < 0) {
+		IRSSI_INFO(NULL, NULL, "Unable to allocate account name.");
+	}
 
 	return accname;
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/irssi-plugin-otr.git

