[med-svn] [sra-sdk] 01/05: Fix format strings in snprintf() calls
Andreas Tille
tille at debian.org
Wed Oct 23 11:10:12 UTC 2013
This is an automated email from the git hooks/post-receive script.
tille pushed a commit to branch master
in repository sra-sdk.
commit d423133470a19b9f5e8d220098c1bcccdc816804
Author: Andreas Tille <tille at debian.org>
Date: Wed Oct 23 11:17:03 2013 +0200
Fix format strings in snprintf() calls
---
debian/changelog | 2 ++
debian/patches/hardening-format-security.patch | 43 ++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 46 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index e7474bb..e07d56c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,8 @@ sra-sdk (2.3.3-4~dfsg-1) UNRELEASED; urgency=low
shipped in this version any more - so remove these from dh_install
* debian/patches/hardening.patch: Propagate Debian hardening options
into build system
+ * debian/patches/hardening-format-security.patch: Fix format strings in
+ snprintf() calls
[ Charles Plessy ]
32dd5cd Updated symbols file.
diff --git a/debian/patches/hardening-format-security.patch b/debian/patches/hardening-format-security.patch
new file mode 100644
index 0000000..6457902
--- /dev/null
+++ b/debian/patches/hardening-format-security.patch
@@ -0,0 +1,43 @@
+Author: Andreas Tille <tille at debian.org>
+LastChanged: Wed, 23 Oct 2013 10:43:20 +0200
+Description: Fix format strings in snprintf() calls
+ When using hardening options, specifically -Werror=format-security
+ some errors of kind:
+ format not a string literal and no format arguments
+ appeared in some snprintf() calls. This is fixed by providing
+ the expected format string
+
+
+--- a/libs/kdb/database.c
++++ b/libs/kdb/database.c
+@@ -216,7 +216,7 @@ rc_t KDBManagerVOpenDBReadInt ( const KD
+ is that of stdc library's printf, not vdb printf */
+ char dbpath [ 4096 ];
+ int z = ( args == NULL ) ?
+- snprintf ( dbpath, sizeof dbpath, path ):
++ snprintf ( dbpath, sizeof dbpath, "%s", path ):
+ vsnprintf ( dbpath, sizeof dbpath, path, args );
+ if ( z < 0 || ( size_t ) z >= sizeof dbpath )
+ rc = RC ( rcDB, rcMgr, rcOpening, rcPath, rcExcessive );
+--- a/libs/kdb/table.c
++++ b/libs/kdb/table.c
+@@ -216,7 +216,7 @@ rc_t KDBManagerVOpenTableReadInt ( const
+
+ char tblpath [ 4096 ];
+ int z = ( args == NULL ) ?
+- snprintf ( tblpath, sizeof tblpath, path ):
++ snprintf ( tblpath, sizeof tblpath, "%s", path ):
+ vsnprintf ( tblpath, sizeof tblpath, path, args );
+ if ( z < 0 || ( size_t ) z >= sizeof tblpath )
+ rc = RC ( rcDB, rcMgr, rcOpening, rcPath, rcExcessive );
+--- a/libs/kdb/index.c
++++ b/libs/kdb/index.c
+@@ -492,7 +492,7 @@ LIB_EXPORT rc_t CC KTableVOpenIndexRead
+ {
+ int len;
+ if ( args == 0 )
+- len = snprintf ( path, sizeof path, name );
++ len = snprintf ( path, sizeof path, "%s", name );
+ else
+ len = vsnprintf ( path, sizeof path, name, args );
+ if ( len < 0 || ( size_t ) len >= sizeof path )
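Review bot: The patch Description leaves a behaviour change undocumented that applies to the `args == NULL` / `args == 0` branches in all three files (libs/kdb/database.c, table.c, index.c). The new `snprintf ( ..., "%s", path )` copies the string verbatim, while the neighbouring `vsnprintf ( ..., path, args )` branch still interprets the same string as a printf format. A caller that escaped a literal percent sign as `%%` now gets `%%` in the resulting path when `args` is NULL and `%` when it is not. The Description should state this. It should also say that the change does more than silence -Werror=format-security: with no argument list, any conversion specifier in `path` or `name` would have made snprintf() read variadic arguments that were never passed. Separately, the header uses `LastChanged:`, where DEP-3 names the field `Last-Update:`, and a `Forwarded:` field would record whether the fix has been sent upstream.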
diff --git a/debian/patches/series b/debian/patches/series
index 538907f..3cfd24c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ do_not_build_external_libs.patch
10_portability.patch
build-with-system-libbz2-libz.patch
hardening.patch
+hardening-format-security.patch
--
Alioth's /git/debian-med/git-commit-notice on /srv/git.debian.org/git/debian-med/sra-sdk.git