author | Hauke Mehrtens <hauke@hauke-m.de> | 2019-09-02 22:27:35 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2019-09-03 11:54:22 +0200 |
commit | 4d0c703e750cdbaa7d8afc56de05bd1238e3c981 (patch) | |
tree | 2e2ef398d92e32bcc36e70367f9bec963fa8ff94 | |
parent | 8c404ef02f0122ec90b48e122777ff6bfa715d7f (diff) | |
firewall3: Fix some format string problems
This adds annotations for the format strings to the print functions and
fixes the newly found problems. One of them is a format security
problem.
Coverity: #1412532
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-rw-r--r-- | defaults.c | 2 | ||||
-rw-r--r-- | includes.c | 2 | ||||
-rw-r--r-- | redirects.c | 5 | ||||
-rw-r--r-- | utils.h | 15 |
4 files changed, 14 insertions, 10 deletions
@@ -393,7 +393,7 @@ set_default(const char *name, int set)
 snprintf(path, sizeof(path), "/proc/sys/net/ipv4/tcp_%s", name);
- info(" * Set tcp_%s to %s", name, set ? "on" : "off", name);
+ info(" * Set tcp_%s to %s", name, set ? "on" : "off");
 if (!(f = fopen(path, "w"))) {
@@ -140,7 +140,7 @@ print_include(struct fw3_include *include)
 }
 while (fgets(line, sizeof(line), f))
- fw3_pr(line);
+ fw3_pr("%s", line);
 fclose(f);
 }
diff --git a/redirects.c b/redirects.c
index 97529ee..d376555 100644
--- a/redirects.c
+++ b/redirects.c
@@ -254,14 +254,13 @@ check_redirect(struct fw3_state *state, struct fw3_redirect *redir, struct uci_e
 } else if (redir->ipset.set && state->disable_ipsets) {
- warn_section("redirect", redir, e, "skipped due to disabled ipset support",
- redir->name);
+ warn_section("redirect", redir, e, "skipped due to disabled ipset support");
 return false;
 } else if (redir->ipset.set && !(redir->ipset.ptr = fw3_lookup_ipset(state, redir->ipset.name))) {
- warn_section("redirect", redir, e, "refers to unknown ipset '%s'", redir->name,
+ warn_section("redirect", redir, e, "refers to unknown ipset '%s'",
 redir->ipset.name);
 return false;
 }
@@ -46,10 +46,14 @@ extern bool fw3_pr_debug;
 struct fw3_address;
-void warn_elem(struct uci_element *e, const char *format, ...);
-void warn(const char *format, ...);
-void error(const char *format, ...);
-void info(const char *format, ...);
+void warn_elem(struct uci_element *e, const char *format, ...)
+ __attribute__ ((format (printf, 2, 3)));
+void warn(const char *format, ...)
+ __attribute__ ((format (printf, 1, 2)));
+void error(const char *format, ...)
+ __attribute__ ((format (printf, 1, 2)));
+void info(const char *format, ...)
+ __attribute__ ((format (printf, 1, 2)));
 #define warn_section(t, r, e, fmt, ...) \
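Review bot: The `fw3_pr("%s", line);` call in print_include (includes.c hunk) is the format-security fix of this commit, but nothing at the call site records why the literal format is required. `line` holds text read from the include file by `fgets`, so before this change any `%` directive in that file was interpreted as a conversion by the print function. A one-line comment above the call, such as `/* line is file content: pass it as data, never as the format */`, would keep a later cleanup from reverting it. print_include starts outside the hunk, so how `f` is opened and which path it refers to cannot be checked from here.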
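Review bot: The `format (printf, …)` annotations added to warn_elem, warn, error and info in utils.h (and to fw3_pr in the following hunk) only produce diagnostics when the build enables format warnings, and the build flags are not visible on this page. If `-Wformat -Wformat-security` is not already set, a non-literal format like the one fixed in includes.c would still compile silently; confirm it and note it above the declarations, e.g. `/* printf-checked: build with -Wformat -Wformat-security */`. The attribute is a GCC/Clang extension written out five times, so a single wrapper macro would keep the argument indices in one readable place. The warn_section macro at the end of the hunk continues outside it, so whether its `fmt` argument reaches one of the annotated functions is presumed from the redirects.c fixes rather than visible here.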
@@ -96,7 +100,8 @@ bool __fw3_command_pipe(bool silent, const char *command, ...);
 #define fw3_command_pipe(...) __fw3_command_pipe(__VA_ARGS__, NULL)
 void fw3_command_close(void);
-void fw3_pr(const char *fmt, ...);
+void fw3_pr(const char *fmt, ...)
+ __attribute__ ((format (printf, 1, 2)));
 bool fw3_has_table(bool ipv6, const char *table); |