summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorEdwin Plauchu <edwin.plauchu.camacho@intel.com>2016-05-17 14:25:35 -0500
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-05-19 09:05:20 +0100
commit8ed25517a9ba01b85153a0ffb93fd62b09b21756 (patch)
tree4b7987d85aaee49ee7832e878857a5f0850897bf /meta
parent1613275de75037ba79aa88ee257f5055211de93d (diff)
downloadpoky-8ed25517a9ba01b85153a0ffb93fd62b09b21756.tar.gz
stat: fix security issues
This patch avoids stat fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security). [YOCTO #9550] (From OE-Core rev: f03c1f41933e9997a01a8b1dcdf9fb18579de1d1) Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/conf/distro/include/security_flags.inc1
-rw-r--r--meta/recipes-extended/stat/stat-3.3/fix-security-format.patch68
-rw-r--r--meta/recipes-extended/stat/stat_3.3.bb1
3 files changed, 69 insertions, 1 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 7a91cec4d4..5ae6dd876d 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
105SECURITY_STRINGFORMAT_pn-kexec-tools = "" 105SECURITY_STRINGFORMAT_pn-kexec-tools = ""
106SECURITY_STRINGFORMAT_pn-makedevs = "" 106SECURITY_STRINGFORMAT_pn-makedevs = ""
107SECURITY_STRINGFORMAT_pn-oh-puzzles = "" 107SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
108SECURITY_STRINGFORMAT_pn-stat = ""
109SECURITY_STRINGFORMAT_pn-unzip = "" 108SECURITY_STRINGFORMAT_pn-unzip = ""
110SECURITY_STRINGFORMAT_pn-zip = "" 109SECURITY_STRINGFORMAT_pn-zip = ""
111 110
diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
new file mode 100644
index 0000000000..0c01ed0383
--- /dev/null
+++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
@@ -0,0 +1,68 @@
1stat: Fixing security formatting issues
2
3Fix security formatting issues related to printf without NULL argument
4
5stat.c: In function 'print_human_access':
6stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security]
7 printf (access);
8 ^
9stat.c: In function 'print_human_time':
10stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security]
11 if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
12 ^
13stat.c: In function 'print_it':
14stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security]
15 printf(b);
16 ^
17stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security]
18 printf(b);
19 ^
20
21[YOCTO #9550]
22[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
23
24Upstream-Status: Pending
25
26Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
27
28diff --git a/stat.c b/stat.c
29index 1ed07a9..2be6f62 100644
30--- a/stat.c
31+++ b/stat.c
32@@ -289,15 +289,15 @@ void print_human_access(struct stat *statbuf)
33 default:
34 access[0] = '?';
35 }
36- printf (access);
37+ fputs(access,stdout);
38 }
39
40 void print_human_time(time_t *t)
41 {
42 char str[40];
43
44- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
45- else printf("Cannot calculate human readable time, sorry");
46+ if (strftime(str, 40, "%c", localtime(t)) > 0) fputs(str,stdout);
47+ else fputs("Cannot calculate human readable time, sorry",stdout);
48 }
49
50 /* print statfs info */
51@@ -610,7 +610,7 @@ void print_it(char *masterformat, char *filename,
52 {
53 strcpy (pformat, "%");
54 *m++ = '\0';
55- printf(b);
56+ fputs(b,stdout);
57
58 /* copy all format specifiers to our format string */
59 while (isdigit(*m) || strchr("#0-+. I", *m))
60@@ -639,7 +639,7 @@ void print_it(char *masterformat, char *filename,
61 }
62 else
63 {
64- printf(b);
65+ fputs(b,stdout);
66 b = NULL;
67 }
68 }
diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb
index a5ece07440..0697c73908 100644
--- a/meta/recipes-extended/stat/stat_3.3.bb
+++ b/meta/recipes-extended/stat/stat_3.3.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \
6 file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f" 6 file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
7 7
8SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \ 8SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \
9 file://fix-security-format.patch \
9 file://fix-error-return.patch" 10 file://fix-error-return.patch"
10 11
11SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3" 12SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3"