* [PATCH] meta:recipes-extended: stat fix security gaps
@ 2016-05-16 20:19 edwin.plauchu.camacho
2016-05-16 21:28 ` Khem Raj
0 siblings, 1 reply; 11+ messages in thread
From: edwin.plauchu.camacho @ 2016-05-16 20:19 UTC (permalink / raw)
To: openembedded-core; +Cc: Edwin Plauchu
From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
This patch avoids stat fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9550]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
---
meta/conf/distro/include/security_flags.inc | 1 -
.../stat/stat-3.3/fix-security-format.patch | 77 ++++++++++++++++++++++
meta/recipes-extended/stat/stat_3.3.bb | 1 +
3 files changed, 78 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 7a91cec..5ae6dd8 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
SECURITY_STRINGFORMAT_pn-kexec-tools = ""
SECURITY_STRINGFORMAT_pn-makedevs = ""
SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
-SECURITY_STRINGFORMAT_pn-stat = ""
SECURITY_STRINGFORMAT_pn-unzip = ""
SECURITY_STRINGFORMAT_pn-zip = ""
diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
new file mode 100644
index 0000000..7d9f8df
--- /dev/null
+++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
@@ -0,0 +1,77 @@
+meta: recipes-extended: Fixing security formatting issues on stat
+
+Fix security formatting issues related to printf without NULL argument
+
+stat.c: In function 'print_human_access':
+stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security]
+ printf (access);
+ ^
+stat.c: In function 'print_human_time':
+stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security]
+ if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
+ ^
+stat.c: In function 'print_it':
+stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security]
+ printf(b);
+ ^
+stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security]
+ printf(b);
+ ^
+
+[YOCTO #9550]
+[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
+
+Upstream-Status: Pending
+
+Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
+
+diff --git a/stat.c b/stat.c
+index 1ed07a9..351ab54 100644
+--- a/stat.c
++++ b/stat.c
+@@ -21,6 +21,8 @@
+
+ #include "fs.h"
+
++#define __PRINT(STR) printf (STR,NULL)
++
+ void print_human_type(unsigned short mode)
+ {
+ switch (mode & S_IFMT)
+@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf)
+ default:
+ access[0] = '?';
+ }
+- printf (access);
++ __PRINT(access);
+ }
+
+ void print_human_time(time_t *t)
+ {
+ char str[40];
+
+- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
+- else printf("Cannot calculate human readable time, sorry");
++ if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str);
++ else __PRINT("Cannot calculate human readable time, sorry");
+ }
+
+ /* print statfs info */
+@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename,
+ {
+ strcpy (pformat, "%");
+ *m++ = '\0';
+- printf(b);
++ __PRINT(b);
+
+ /* copy all format specifiers to our format string */
+ while (isdigit(*m) || strchr("#0-+. I", *m))
+@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename,
+ }
+ else
+ {
+- printf(b);
++ __PRINT(b);
+ b = NULL;
+ }
+ }
diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb
index a5ece07..0697c73 100644
--- a/meta/recipes-extended/stat/stat_3.3.bb
+++ b/meta/recipes-extended/stat/stat_3.3.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \
file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \
+ file://fix-security-format.patch \
file://fix-error-return.patch"
SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3"
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread* Re: [PATCH] meta:recipes-extended: stat fix security gaps
2016-05-16 20:19 [PATCH] meta:recipes-extended: stat fix security gaps edwin.plauchu.camacho
@ 2016-05-16 21:28 ` Khem Raj
2016-05-16 21:37 ` Plauchu Edwin
0 siblings, 1 reply; 11+ messages in thread
From: Khem Raj @ 2016-05-16 21:28 UTC (permalink / raw)
To: edwin.plauchu.camacho; +Cc: Edwin Plauchu, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 5070 bytes --]
> On May 16, 2016, at 1:19 PM, edwin.plauchu.camacho@linux.intel.com wrote:
>
> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>
> This patch avoids stat fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
>
> [YOCTO #9550]
>
> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
> ---
> meta/conf/distro/include/security_flags.inc | 1 -
> .../stat/stat-3.3/fix-security-format.patch | 77 ++++++++++++++++++++++
> meta/recipes-extended/stat/stat_3.3.bb | 1 +
> 3 files changed, 78 insertions(+), 1 deletion(-)
> create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>
> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> index 7a91cec..5ae6dd8 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
> SECURITY_STRINGFORMAT_pn-kexec-tools = ""
> SECURITY_STRINGFORMAT_pn-makedevs = ""
> SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
> -SECURITY_STRINGFORMAT_pn-stat = ""
> SECURITY_STRINGFORMAT_pn-unzip = ""
> SECURITY_STRINGFORMAT_pn-zip = ""
>
> diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
> new file mode 100644
> index 0000000..7d9f8df
> --- /dev/null
> +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
> @@ -0,0 +1,77 @@
> +meta: recipes-extended: Fixing security formatting issues on stat
> +
> +Fix security formatting issues related to printf without NULL argument
> +
> +stat.c: In function 'print_human_access':
> +stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security]
> + printf (access);
> + ^
> +stat.c: In function 'print_human_time':
> +stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security]
> + if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
> + ^
> +stat.c: In function 'print_it':
> +stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security]
> + printf(b);
> + ^
> +stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security]
> + printf(b);
> + ^
> +
> +[YOCTO #9550]
> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
> +
> +diff --git a/stat.c b/stat.c
> +index 1ed07a9..351ab54 100644
> +--- a/stat.c
> ++++ b/stat.c
> +@@ -21,6 +21,8 @@
> +
> + #include "fs.h"
> +
> ++#define __PRINT(STR) printf (STR,NULL)
> ++
Can we use proper formatting string here something like
printf(“%s”, access );
or use fputs() Call instead
> + void print_human_type(unsigned short mode)
> + {
> + switch (mode & S_IFMT)
> +@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf)
> + default:
> + access[0] = '?';
> + }
> +- printf (access);
> ++ __PRINT(access);
> + }
> +
> + void print_human_time(time_t *t)
> + {
> + char str[40];
> +
> +- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
> +- else printf("Cannot calculate human readable time, sorry");
> ++ if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str);
> ++ else __PRINT("Cannot calculate human readable time, sorry");
> + }
> +
> + /* print statfs info */
> +@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename,
> + {
> + strcpy (pformat, "%");
> + *m++ = '\0';
> +- printf(b);
> ++ __PRINT(b);
> +
> + /* copy all format specifiers to our format string */
> + while (isdigit(*m) || strchr("#0-+. I", *m))
> +@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename,
> + }
> + else
> + {
> +- printf(b);
> ++ __PRINT(b);
> + b = NULL;
> + }
> + }
> diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb
> index a5ece07..0697c73 100644
> --- a/meta/recipes-extended/stat/stat_3.3.bb
> +++ b/meta/recipes-extended/stat/stat_3.3.bb
> @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \
> file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
>
> SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \
> + file://fix-security-format.patch \
> file://fix-error-return.patch"
>
> SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3"
> --
> 1.9.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 211 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] meta:recipes-extended: stat fix security gaps
2016-05-16 21:28 ` Khem Raj
@ 2016-05-16 21:37 ` Plauchu Edwin
2016-05-16 22:20 ` Khem Raj
2016-05-16 22:21 ` Randle, William C
0 siblings, 2 replies; 11+ messages in thread
From: Plauchu Edwin @ 2016-05-16 21:37 UTC (permalink / raw)
To: Khem Raj; +Cc: Edwin Plauchu, openembedded-core
On 16/05/16 16:28, Khem Raj wrote:
>> On May 16, 2016, at 1:19 PM, edwin.plauchu.camacho@linux.intel.com wrote:
>>
>> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>
>> This patch avoids stat fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
>>
>> [YOCTO #9550]
>>
>> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>> ---
>> meta/conf/distro/include/security_flags.inc | 1 -
>> .../stat/stat-3.3/fix-security-format.patch | 77 ++++++++++++++++++++++
>> meta/recipes-extended/stat/stat_3.3.bb | 1 +
>> 3 files changed, 78 insertions(+), 1 deletion(-)
>> create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>
>> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
>> index 7a91cec..5ae6dd8 100644
>> --- a/meta/conf/distro/include/security_flags.inc
>> +++ b/meta/conf/distro/include/security_flags.inc
>> @@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
>> SECURITY_STRINGFORMAT_pn-kexec-tools = ""
>> SECURITY_STRINGFORMAT_pn-makedevs = ""
>> SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
>> -SECURITY_STRINGFORMAT_pn-stat = ""
>> SECURITY_STRINGFORMAT_pn-unzip = ""
>> SECURITY_STRINGFORMAT_pn-zip = ""
>>
>> diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>> new file mode 100644
>> index 0000000..7d9f8df
>> --- /dev/null
>> +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>> @@ -0,0 +1,77 @@
>> +meta: recipes-extended: Fixing security formatting issues on stat
>> +
>> +Fix security formatting issues related to printf without NULL argument
>> +
>> +stat.c: In function 'print_human_access':
>> +stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security]
>> + printf (access);
>> + ^
>> +stat.c: In function 'print_human_time':
>> +stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security]
>> + if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>> + ^
>> +stat.c: In function 'print_it':
>> +stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security]
>> + printf(b);
>> + ^
>> +stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security]
>> + printf(b);
>> + ^
>> +
>> +[YOCTO #9550]
>> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
>> +
>> +Upstream-Status: Pending
>> +
>> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>> +
>> +diff --git a/stat.c b/stat.c
>> +index 1ed07a9..351ab54 100644
>> +--- a/stat.c
>> ++++ b/stat.c
>> +@@ -21,6 +21,8 @@
>> +
>> + #include "fs.h"
>> +
>> ++#define __PRINT(STR) printf (STR,NULL)
>> ++
> Can we use proper formatting string here something like
> printf(“%s”, access );
>
> or use fputs() Call instead
With fputs we need to specify stdout stream and
the printf "%s" option needs a little bit more processing in formatting.
The actual change covers the security considerations with minimal add of
NULL if you
know why the another ways will be better please tell me.
Thanks in advance
Edwin Plauchu
>
>> + void print_human_type(unsigned short mode)
>> + {
>> + switch (mode & S_IFMT)
>> +@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf)
>> + default:
>> + access[0] = '?';
>> + }
>> +- printf (access);
>> ++ __PRINT(access);
>> + }
>> +
>> + void print_human_time(time_t *t)
>> + {
>> + char str[40];
>> +
>> +- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>> +- else printf("Cannot calculate human readable time, sorry");
>> ++ if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str);
>> ++ else __PRINT("Cannot calculate human readable time, sorry");
>> + }
>> +
>> + /* print statfs info */
>> +@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename,
>> + {
>> + strcpy (pformat, "%");
>> + *m++ = '\0';
>> +- printf(b);
>> ++ __PRINT(b);
>> +
>> + /* copy all format specifiers to our format string */
>> + while (isdigit(*m) || strchr("#0-+. I", *m))
>> +@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename,
>> + }
>> + else
>> + {
>> +- printf(b);
>> ++ __PRINT(b);
>> + b = NULL;
>> + }
>> + }
>> diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb
>> index a5ece07..0697c73 100644
>> --- a/meta/recipes-extended/stat/stat_3.3.bb
>> +++ b/meta/recipes-extended/stat/stat_3.3.bb
>> @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \
>> file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
>>
>> SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \
>> + file://fix-security-format.patch \
>> file://fix-error-return.patch"
>>
>> SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3"
>> --
>> 1.9.1
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] meta:recipes-extended: stat fix security gaps
2016-05-16 21:37 ` Plauchu Edwin
@ 2016-05-16 22:20 ` Khem Raj
2016-05-16 22:21 ` Randle, William C
1 sibling, 0 replies; 11+ messages in thread
From: Khem Raj @ 2016-05-16 22:20 UTC (permalink / raw)
To: Plauchu Edwin; +Cc: Edwin Plauchu, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 6041 bytes --]
> On May 16, 2016, at 2:37 PM, Plauchu Edwin <edwin.plauchu.camacho@linux.intel.com> wrote:
>
>
>
> On 16/05/16 16:28, Khem Raj wrote:
>>> On May 16, 2016, at 1:19 PM, edwin.plauchu.camacho@linux.intel.com wrote:
>>>
>>> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>
>>> This patch avoids stat fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
>>>
>>> [YOCTO #9550]
>>>
>>> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>> ---
>>> meta/conf/distro/include/security_flags.inc | 1 -
>>> .../stat/stat-3.3/fix-security-format.patch | 77 ++++++++++++++++++++++
>>> meta/recipes-extended/stat/stat_3.3.bb | 1 +
>>> 3 files changed, 78 insertions(+), 1 deletion(-)
>>> create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>
>>> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
>>> index 7a91cec..5ae6dd8 100644
>>> --- a/meta/conf/distro/include/security_flags.inc
>>> +++ b/meta/conf/distro/include/security_flags.inc
>>> @@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
>>> SECURITY_STRINGFORMAT_pn-kexec-tools = ""
>>> SECURITY_STRINGFORMAT_pn-makedevs = ""
>>> SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
>>> -SECURITY_STRINGFORMAT_pn-stat = ""
>>> SECURITY_STRINGFORMAT_pn-unzip = ""
>>> SECURITY_STRINGFORMAT_pn-zip = ""
>>>
>>> diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>> new file mode 100644
>>> index 0000000..7d9f8df
>>> --- /dev/null
>>> +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>> @@ -0,0 +1,77 @@
>>> +meta: recipes-extended: Fixing security formatting issues on stat
>>> +
>>> +Fix security formatting issues related to printf without NULL argument
>>> +
>>> +stat.c: In function 'print_human_access':
>>> +stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security]
>>> + printf (access);
>>> + ^
>>> +stat.c: In function 'print_human_time':
>>> +stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security]
>>> + if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>>> + ^
>>> +stat.c: In function 'print_it':
>>> +stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security]
>>> + printf(b);
>>> + ^
>>> +stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security]
>>> + printf(b);
>>> + ^
>>> +
>>> +[YOCTO #9550]
>>> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
>>> +
>>> +Upstream-Status: Pending
>>> +
>>> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>> +
>>> +diff --git a/stat.c b/stat.c
>>> +index 1ed07a9..351ab54 100644
>>> +--- a/stat.c
>>> ++++ b/stat.c
>>> +@@ -21,6 +21,8 @@
>>> +
>>> + #include "fs.h"
>>> +
>>> ++#define __PRINT(STR) printf (STR,NULL)
>>> ++
>> Can we use proper formatting string here something like
>> printf(“%s”, access );
>>
>> or use fputs() Call instead
> With fputs we need to specify stdout stream and
> the printf "%s" option needs a little bit more processing in formatting.
>
> The actual change covers the security considerations with minimal add of NULL if you
> know why the another ways will be better please tell me.
First of all macros here make code quite unreadable.
secondly, I am just recommending how printf
is supposed to be used here,
int printf(const char *format, ...);
someone just missed specifying a formatting string.
>
> Thanks in advance
> Edwin Plauchu
>>
>>> + void print_human_type(unsigned short mode)
>>> + {
>>> + switch (mode & S_IFMT)
>>> +@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf)
>>> + default:
>>> + access[0] = '?';
>>> + }
>>> +- printf (access);
>>> ++ __PRINT(access);
>>> + }
>>> +
>>> + void print_human_time(time_t *t)
>>> + {
>>> + char str[40];
>>> +
>>> +- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>>> +- else printf("Cannot calculate human readable time, sorry");
>>> ++ if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str);
>>> ++ else __PRINT("Cannot calculate human readable time, sorry");
>>> + }
>>> +
>>> + /* print statfs info */
>>> +@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename,
>>> + {
>>> + strcpy (pformat, "%");
>>> + *m++ = '\0';
>>> +- printf(b);
>>> ++ __PRINT(b);
>>> +
>>> + /* copy all format specifiers to our format string */
>>> + while (isdigit(*m) || strchr("#0-+. I", *m))
>>> +@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename,
>>> + }
>>> + else
>>> + {
>>> +- printf(b);
>>> ++ __PRINT(b);
>>> + b = NULL;
>>> + }
>>> + }
>>> diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb
>>> index a5ece07..0697c73 100644
>>> --- a/meta/recipes-extended/stat/stat_3.3.bb
>>> +++ b/meta/recipes-extended/stat/stat_3.3.bb
>>> @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \
>>> file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
>>>
>>> SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \
>>> + file://fix-security-format.patch \
>>> file://fix-error-return.patch"
>>>
>>> SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3"
>>> --
>>> 1.9.1
>>>
>>> --
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 211 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] meta:recipes-extended: stat fix security gaps
2016-05-16 21:37 ` Plauchu Edwin
2016-05-16 22:20 ` Khem Raj
@ 2016-05-16 22:21 ` Randle, William C
2016-05-17 0:21 ` Plauchu Edwin
1 sibling, 1 reply; 11+ messages in thread
From: Randle, William C @ 2016-05-16 22:21 UTC (permalink / raw)
To: edwin.plauchu.camacho@linux.intel.com
Cc: openembedded-core@lists.openembedded.org
On Mon, 2016-05-16 at 16:37 -0500, Plauchu Edwin wrote:
>
> On 16/05/16 16:28, Khem Raj wrote:
> >
> > >
> > > On May 16, 2016, at 1:19 PM, edwin.plauchu.camacho@linux.intel.com wrote:
> > >
> > > From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
> > >
> > > This patch avoids stat fails to compile with compiler flags which elevate
> > > common string formatting issues into an error (-Wformat -Wformat-security
> > > -Werror=format-security).
> > >
> > > [YOCTO #9550]
> > >
> > > Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
> > > ---
> > > meta/conf/distro/include/security_flags.inc | 1 -
> > > .../stat/stat-3.3/fix-security-format.patch | 77
> > > ++++++++++++++++++++++
> > > meta/recipes-extended/stat/stat_3.3.bb | 1 +
> > > 3 files changed, 78 insertions(+), 1 deletion(-)
> > > create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-
> > > format.patch
> > >
> > > diff --git a/meta/conf/distro/include/security_flags.inc
> > > b/meta/conf/distro/include/security_flags.inc
> > > index 7a91cec..5ae6dd8 100644
> > > --- a/meta/conf/distro/include/security_flags.inc
> > > +++ b/meta/conf/distro/include/security_flags.inc
> > > @@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
> > > SECURITY_STRINGFORMAT_pn-kexec-tools = ""
> > > SECURITY_STRINGFORMAT_pn-makedevs = ""
> > > SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
> > > -SECURITY_STRINGFORMAT_pn-stat = ""
> > > SECURITY_STRINGFORMAT_pn-unzip = ""
> > > SECURITY_STRINGFORMAT_pn-zip = ""
> > >
> > > diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
> > > b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
> > > new file mode 100644
> > > index 0000000..7d9f8df
> > > --- /dev/null
> > > +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
> > > @@ -0,0 +1,77 @@
> > > +meta: recipes-extended: Fixing security formatting issues on stat
> > > +
> > > +Fix security formatting issues related to printf without NULL argument
> > > +
> > > +stat.c: In function 'print_human_access':
> > > +stat.c:292:13: error: format not a string literal and no format arguments
> > > [-Werror=format-security]
> > > + printf (access);
> > > + ^
> > > +stat.c: In function 'print_human_time':
> > > +stat.c:299:57: error: format not a string literal and no format arguments
> > > [-Werror=format-security]
> > > + if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
> > > + ^
> > > +stat.c: In function 'print_it':
> > > +stat.c:613:6: error: format not a string literal and no format arguments
> > > [-Werror=format-security]
> > > + printf(b);
> > > + ^
> > > +stat.c:642:6: error: format not a string literal and no format arguments
> > > [-Werror=format-security]
> > > + printf(b);
> > > + ^
> > > +
> > > +[YOCTO #9550]
> > > +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
> > > +
> > > +Upstream-Status: Pending
> > > +
> > > +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
> > > +
> > > +diff --git a/stat.c b/stat.c
> > > +index 1ed07a9..351ab54 100644
> > > +--- a/stat.c
> > > ++++ b/stat.c
> > > +@@ -21,6 +21,8 @@
> > > +
> > > + #include "fs.h"
> > > +
> > > ++#define __PRINT(STR) printf (STR,NULL)
> > > ++
> > Can we use proper formatting string here something like
> > printf(“%s”, access );
> >
> > or use fputs() Call instead
> With fputs we need to specify stdout stream and
> the printf "%s" option needs a little bit more processing in formatting.
>
> The actual change covers the security considerations with minimal add of
> NULL if you
> know why the another ways will be better please tell me.
>
> Thanks in advance
> Edwin Plauchu
> >
> >
> > >
> > > + void print_human_type(unsigned short mode)
> > > + {
> > > + switch (mode & S_IFMT)
> > > +@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf)
> > > + default:
> > > + access[0] = '?';
> > > + }
> > > +- printf (access);
> > > ++ __PRINT(access);
> > > + }
> > > +
> > > + void print_human_time(time_t *t)
> > > + {
> > > + char str[40];
> > > +
> > > +- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
> > > +- else printf("Cannot calculate human readable time, sorry");
> > > ++ if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str);
> > > ++ else __PRINT("Cannot calculate human readable time, sorry");
> > > + }
> > > +
> > > + /* print statfs info */
> > > +@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename,
> > > + {
> > > + strcpy (pformat, "%");
> > > + *m++ = '\0';
> > > +- printf(b);
> > > ++ __PRINT(b);
> > > +
> > > + /* copy all format specifiers to our format string */
> > > + while (isdigit(*m) || strchr("#0-+. I", *m))
> > > +@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename,
> > > + }
> > > + else
> > > + {
> > > +- printf(b);
> > > ++ __PRINT(b);
> > > + b = NULL;
> > > + }
> > > + }
Is there a particular reason you used a macro for this package when all the
others you submitted so far use printf(arg, NULL) directly? I think it would be
good to be consistent.
-Bill
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] meta:recipes-extended: stat fix security gaps
2016-05-16 22:21 ` Randle, William C
@ 2016-05-17 0:21 ` Plauchu Edwin
2016-05-17 1:02 ` Khem Raj
0 siblings, 1 reply; 11+ messages in thread
From: Plauchu Edwin @ 2016-05-17 0:21 UTC (permalink / raw)
To: Randle, William C; +Cc: openembedded-core@lists.openembedded.org
Ok Bill
I rewrote the patch without using macros
http://lists.openembedded.org/pipermail/openembedded-core/2016-May/121581.html
On 16/05/16 17:21, Randle, William C wrote:
> On Mon, 2016-05-16 at 16:37 -0500, Plauchu Edwin wrote:
>> On 16/05/16 16:28, Khem Raj wrote:
>>>> On May 16, 2016, at 1:19 PM, edwin.plauchu.camacho@linux.intel.com wrote:
>>>>
>>>> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>>
>>>> This patch avoids stat fails to compile with compiler flags which elevate
>>>> common string formatting issues into an error (-Wformat -Wformat-security
>>>> -Werror=format-security).
>>>>
>>>> [YOCTO #9550]
>>>>
>>>> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>> ---
>>>> meta/conf/distro/include/security_flags.inc | 1 -
>>>> .../stat/stat-3.3/fix-security-format.patch | 77
>>>> ++++++++++++++++++++++
>>>> meta/recipes-extended/stat/stat_3.3.bb | 1 +
>>>> 3 files changed, 78 insertions(+), 1 deletion(-)
>>>> create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-
>>>> format.patch
>>>>
>>>> diff --git a/meta/conf/distro/include/security_flags.inc
>>>> b/meta/conf/distro/include/security_flags.inc
>>>> index 7a91cec..5ae6dd8 100644
>>>> --- a/meta/conf/distro/include/security_flags.inc
>>>> +++ b/meta/conf/distro/include/security_flags.inc
>>>> @@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
>>>> SECURITY_STRINGFORMAT_pn-kexec-tools = ""
>>>> SECURITY_STRINGFORMAT_pn-makedevs = ""
>>>> SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
>>>> -SECURITY_STRINGFORMAT_pn-stat = ""
>>>> SECURITY_STRINGFORMAT_pn-unzip = ""
>>>> SECURITY_STRINGFORMAT_pn-zip = ""
>>>>
>>>> diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>> b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>> new file mode 100644
>>>> index 0000000..7d9f8df
>>>> --- /dev/null
>>>> +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>> @@ -0,0 +1,77 @@
>>>> +meta: recipes-extended: Fixing security formatting issues on stat
>>>> +
>>>> +Fix security formatting issues related to printf without NULL argument
>>>> +
>>>> +stat.c: In function 'print_human_access':
>>>> +stat.c:292:13: error: format not a string literal and no format arguments
>>>> [-Werror=format-security]
>>>> + printf (access);
>>>> + ^
>>>> +stat.c: In function 'print_human_time':
>>>> +stat.c:299:57: error: format not a string literal and no format arguments
>>>> [-Werror=format-security]
>>>> + if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>>>> + ^
>>>> +stat.c: In function 'print_it':
>>>> +stat.c:613:6: error: format not a string literal and no format arguments
>>>> [-Werror=format-security]
>>>> + printf(b);
>>>> + ^
>>>> +stat.c:642:6: error: format not a string literal and no format arguments
>>>> [-Werror=format-security]
>>>> + printf(b);
>>>> + ^
>>>> +
>>>> +[YOCTO #9550]
>>>> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
>>>> +
>>>> +Upstream-Status: Pending
>>>> +
>>>> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>> +
>>>> +diff --git a/stat.c b/stat.c
>>>> +index 1ed07a9..351ab54 100644
>>>> +--- a/stat.c
>>>> ++++ b/stat.c
>>>> +@@ -21,6 +21,8 @@
>>>> +
>>>> + #include "fs.h"
>>>> +
>>>> ++#define __PRINT(STR) printf (STR,NULL)
>>>> ++
>>> Can we use proper formatting string here something like
>>> printf(“%s”, access );
>>>
>>> or use fputs() Call instead
>> With fputs we need to specify stdout stream and
>> the printf "%s" option needs a little bit more processing in formatting.
>>
>> The actual change covers the security considerations with minimal add of
>> NULL if you
>> know why the another ways will be better please tell me.
>>
>> Thanks in advance
>> Edwin Plauchu
>>>
>>>> + void print_human_type(unsigned short mode)
>>>> + {
>>>> + switch (mode & S_IFMT)
>>>> +@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf)
>>>> + default:
>>>> + access[0] = '?';
>>>> + }
>>>> +- printf (access);
>>>> ++ __PRINT(access);
>>>> + }
>>>> +
>>>> + void print_human_time(time_t *t)
>>>> + {
>>>> + char str[40];
>>>> +
>>>> +- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>>>> +- else printf("Cannot calculate human readable time, sorry");
>>>> ++ if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str);
>>>> ++ else __PRINT("Cannot calculate human readable time, sorry");
>>>> + }
>>>> +
>>>> + /* print statfs info */
>>>> +@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename,
>>>> + {
>>>> + strcpy (pformat, "%");
>>>> + *m++ = '\0';
>>>> +- printf(b);
>>>> ++ __PRINT(b);
>>>> +
>>>> + /* copy all format specifiers to our format string */
>>>> + while (isdigit(*m) || strchr("#0-+. I", *m))
>>>> +@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename,
>>>> + }
>>>> + else
>>>> + {
>>>> +- printf(b);
>>>> ++ __PRINT(b);
>>>> + b = NULL;
>>>> + }
>>>> + }
>
> Is there a particular reason you used a macro for this package when all the
> others you submitted so far use printf(arg, NULL) directly? I think it would be
> good to be consistent.
>
> -Bill
>
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] meta:recipes-extended: stat fix security gaps
2016-05-17 0:21 ` Plauchu Edwin
@ 2016-05-17 1:02 ` Khem Raj
2016-05-17 2:15 ` Plauchu Edwin
0 siblings, 1 reply; 11+ messages in thread
From: Khem Raj @ 2016-05-17 1:02 UTC (permalink / raw)
To: Plauchu Edwin; +Cc: openembedded-core@lists.openembedded.org
[-- Attachment #1: Type: text/plain, Size: 5989 bytes --]
> On May 16, 2016, at 5:21 PM, Plauchu Edwin <edwin.plauchu.camacho@linux.intel.com> wrote:
>
> Ok Bill
>
> I rewrote the patch without using macros http://lists.openembedded.org/pipermail/openembedded-core/2016-May/121581.html
>
you did not address the other comment about using printf properly.
> On 16/05/16 17:21, Randle, William C wrote:
>> On Mon, 2016-05-16 at 16:37 -0500, Plauchu Edwin wrote:
>>> On 16/05/16 16:28, Khem Raj wrote:
>>>>> On May 16, 2016, at 1:19 PM, edwin.plauchu.camacho@linux.intel.com wrote:
>>>>>
>>>>> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>>>
>>>>> This patch avoids stat fails to compile with compiler flags which elevate
>>>>> common string formatting issues into an error (-Wformat -Wformat-security
>>>>> -Werror=format-security).
>>>>>
>>>>> [YOCTO #9550]
>>>>>
>>>>> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>>> ---
>>>>> meta/conf/distro/include/security_flags.inc | 1 -
>>>>> .../stat/stat-3.3/fix-security-format.patch | 77
>>>>> ++++++++++++++++++++++
>>>>> meta/recipes-extended/stat/stat_3.3.bb | 1 +
>>>>> 3 files changed, 78 insertions(+), 1 deletion(-)
>>>>> create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-
>>>>> format.patch
>>>>>
>>>>> diff --git a/meta/conf/distro/include/security_flags.inc
>>>>> b/meta/conf/distro/include/security_flags.inc
>>>>> index 7a91cec..5ae6dd8 100644
>>>>> --- a/meta/conf/distro/include/security_flags.inc
>>>>> +++ b/meta/conf/distro/include/security_flags.inc
>>>>> @@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
>>>>> SECURITY_STRINGFORMAT_pn-kexec-tools = ""
>>>>> SECURITY_STRINGFORMAT_pn-makedevs = ""
>>>>> SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
>>>>> -SECURITY_STRINGFORMAT_pn-stat = ""
>>>>> SECURITY_STRINGFORMAT_pn-unzip = ""
>>>>> SECURITY_STRINGFORMAT_pn-zip = ""
>>>>>
>>>>> diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>>> b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>>> new file mode 100644
>>>>> index 0000000..7d9f8df
>>>>> --- /dev/null
>>>>> +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>>> @@ -0,0 +1,77 @@
>>>>> +meta: recipes-extended: Fixing security formatting issues on stat
>>>>> +
>>>>> +Fix security formatting issues related to printf without NULL argument
>>>>> +
>>>>> +stat.c: In function 'print_human_access':
>>>>> +stat.c:292:13: error: format not a string literal and no format arguments
>>>>> [-Werror=format-security]
>>>>> + printf (access);
>>>>> + ^
>>>>> +stat.c: In function 'print_human_time':
>>>>> +stat.c:299:57: error: format not a string literal and no format arguments
>>>>> [-Werror=format-security]
>>>>> + if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>>>>> + ^
>>>>> +stat.c: In function 'print_it':
>>>>> +stat.c:613:6: error: format not a string literal and no format arguments
>>>>> [-Werror=format-security]
>>>>> + printf(b);
>>>>> + ^
>>>>> +stat.c:642:6: error: format not a string literal and no format arguments
>>>>> [-Werror=format-security]
>>>>> + printf(b);
>>>>> + ^
>>>>> +
>>>>> +[YOCTO #9550]
>>>>> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
>>>>> +
>>>>> +Upstream-Status: Pending
>>>>> +
>>>>> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>>> +
>>>>> +diff --git a/stat.c b/stat.c
>>>>> +index 1ed07a9..351ab54 100644
>>>>> +--- a/stat.c
>>>>> ++++ b/stat.c
>>>>> +@@ -21,6 +21,8 @@
>>>>> +
>>>>> + #include "fs.h"
>>>>> +
>>>>> ++#define __PRINT(STR) printf (STR,NULL)
>>>>> ++
>>>> Can we use proper formatting string here something like
>>>> printf(“%s”, access );
>>>>
>>>> or use fputs() Call instead
>>> With fputs we need to specify stdout stream and
>>> the printf "%s" option needs a little bit more processing in formatting.
>>>
>>> The actual change covers the security considerations with minimal add of
>>> NULL if you
>>> know why the another ways will be better please tell me.
>>>
>>> Thanks in advance
>>> Edwin Plauchu
>>>>
>>>>> + void print_human_type(unsigned short mode)
>>>>> + {
>>>>> + switch (mode & S_IFMT)
>>>>> +@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf)
>>>>> + default:
>>>>> + access[0] = '?';
>>>>> + }
>>>>> +- printf (access);
>>>>> ++ __PRINT(access);
>>>>> + }
>>>>> +
>>>>> + void print_human_time(time_t *t)
>>>>> + {
>>>>> + char str[40];
>>>>> +
>>>>> +- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>>>>> +- else printf("Cannot calculate human readable time, sorry");
>>>>> ++ if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str);
>>>>> ++ else __PRINT("Cannot calculate human readable time, sorry");
>>>>> + }
>>>>> +
>>>>> + /* print statfs info */
>>>>> +@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename,
>>>>> + {
>>>>> + strcpy (pformat, "%");
>>>>> + *m++ = '\0';
>>>>> +- printf(b);
>>>>> ++ __PRINT(b);
>>>>> +
>>>>> + /* copy all format specifiers to our format string */
>>>>> + while (isdigit(*m) || strchr("#0-+. I", *m))
>>>>> +@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename,
>>>>> + }
>>>>> + else
>>>>> + {
>>>>> +- printf(b);
>>>>> ++ __PRINT(b);
>>>>> + b = NULL;
>>>>> + }
>>>>> + }
>>
>> Is there a particular reason you used a macro for this package when all the
>> others you submitted so far use printf(arg, NULL) directly? I think it would be
>> good to be consistent.
>>
>> -Bill
>>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 211 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PATCH] meta:recipes-extended: stat fix security gaps
2016-05-17 1:02 ` Khem Raj
@ 2016-05-17 2:15 ` Plauchu Edwin
0 siblings, 0 replies; 11+ messages in thread
From: Plauchu Edwin @ 2016-05-17 2:15 UTC (permalink / raw)
To: Khem Raj; +Cc: openembedded-core@lists.openembedded.org
This is the version fputs call
http://lists.openembedded.org/pipermail/openembedded-core/2016-May/121584.html
On 16/05/16 20:02, Khem Raj wrote:
>> On May 16, 2016, at 5:21 PM, Plauchu Edwin <edwin.plauchu.camacho@linux.intel.com> wrote:
>>
>> Ok Bill
>>
>> I rewrote the patch without using macros http://lists.openembedded.org/pipermail/openembedded-core/2016-May/121581.html
>>
> you did not address the other comment about using printf properly.
>
>> On 16/05/16 17:21, Randle, William C wrote:
>>> On Mon, 2016-05-16 at 16:37 -0500, Plauchu Edwin wrote:
>>>> On 16/05/16 16:28, Khem Raj wrote:
>>>>>> On May 16, 2016, at 1:19 PM, edwin.plauchu.camacho@linux.intel.com wrote:
>>>>>>
>>>>>> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>>>>
>>>>>> This patch avoids stat fails to compile with compiler flags which elevate
>>>>>> common string formatting issues into an error (-Wformat -Wformat-security
>>>>>> -Werror=format-security).
>>>>>>
>>>>>> [YOCTO #9550]
>>>>>>
>>>>>> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>>>> ---
>>>>>> meta/conf/distro/include/security_flags.inc | 1 -
>>>>>> .../stat/stat-3.3/fix-security-format.patch | 77
>>>>>> ++++++++++++++++++++++
>>>>>> meta/recipes-extended/stat/stat_3.3.bb | 1 +
>>>>>> 3 files changed, 78 insertions(+), 1 deletion(-)
>>>>>> create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-
>>>>>> format.patch
>>>>>>
>>>>>> diff --git a/meta/conf/distro/include/security_flags.inc
>>>>>> b/meta/conf/distro/include/security_flags.inc
>>>>>> index 7a91cec..5ae6dd8 100644
>>>>>> --- a/meta/conf/distro/include/security_flags.inc
>>>>>> +++ b/meta/conf/distro/include/security_flags.inc
>>>>>> @@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
>>>>>> SECURITY_STRINGFORMAT_pn-kexec-tools = ""
>>>>>> SECURITY_STRINGFORMAT_pn-makedevs = ""
>>>>>> SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
>>>>>> -SECURITY_STRINGFORMAT_pn-stat = ""
>>>>>> SECURITY_STRINGFORMAT_pn-unzip = ""
>>>>>> SECURITY_STRINGFORMAT_pn-zip = ""
>>>>>>
>>>>>> diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>>>> b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>>>> new file mode 100644
>>>>>> index 0000000..7d9f8df
>>>>>> --- /dev/null
>>>>>> +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
>>>>>> @@ -0,0 +1,77 @@
>>>>>> +meta: recipes-extended: Fixing security formatting issues on stat
>>>>>> +
>>>>>> +Fix security formatting issues related to printf without NULL argument
>>>>>> +
>>>>>> +stat.c: In function 'print_human_access':
>>>>>> +stat.c:292:13: error: format not a string literal and no format arguments
>>>>>> [-Werror=format-security]
>>>>>> + printf (access);
>>>>>> + ^
>>>>>> +stat.c: In function 'print_human_time':
>>>>>> +stat.c:299:57: error: format not a string literal and no format arguments
>>>>>> [-Werror=format-security]
>>>>>> + if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>>>>>> + ^
>>>>>> +stat.c: In function 'print_it':
>>>>>> +stat.c:613:6: error: format not a string literal and no format arguments
>>>>>> [-Werror=format-security]
>>>>>> + printf(b);
>>>>>> + ^
>>>>>> +stat.c:642:6: error: format not a string literal and no format arguments
>>>>>> [-Werror=format-security]
>>>>>> + printf(b);
>>>>>> + ^
>>>>>> +
>>>>>> +[YOCTO #9550]
>>>>>> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
>>>>>> +
>>>>>> +Upstream-Status: Pending
>>>>>> +
>>>>>> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>>>>> +
>>>>>> +diff --git a/stat.c b/stat.c
>>>>>> +index 1ed07a9..351ab54 100644
>>>>>> +--- a/stat.c
>>>>>> ++++ b/stat.c
>>>>>> +@@ -21,6 +21,8 @@
>>>>>> +
>>>>>> + #include "fs.h"
>>>>>> +
>>>>>> ++#define __PRINT(STR) printf (STR,NULL)
>>>>>> ++
>>>>> Can we use proper formatting string here something like
>>>>> printf(“%s”, access );
>>>>>
>>>>> or use fputs() Call instead
>>>> With fputs we need to specify stdout stream and
>>>> the printf "%s" option needs a little bit more processing in formatting.
>>>>
>>>> The actual change covers the security considerations with minimal add of
>>>> NULL if you
>>>> know why the another ways will be better please tell me.
>>>>
>>>> Thanks in advance
>>>> Edwin Plauchu
>>>>>> + void print_human_type(unsigned short mode)
>>>>>> + {
>>>>>> + switch (mode & S_IFMT)
>>>>>> +@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf)
>>>>>> + default:
>>>>>> + access[0] = '?';
>>>>>> + }
>>>>>> +- printf (access);
>>>>>> ++ __PRINT(access);
>>>>>> + }
>>>>>> +
>>>>>> + void print_human_time(time_t *t)
>>>>>> + {
>>>>>> + char str[40];
>>>>>> +
>>>>>> +- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
>>>>>> +- else printf("Cannot calculate human readable time, sorry");
>>>>>> ++ if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str);
>>>>>> ++ else __PRINT("Cannot calculate human readable time, sorry");
>>>>>> + }
>>>>>> +
>>>>>> + /* print statfs info */
>>>>>> +@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename,
>>>>>> + {
>>>>>> + strcpy (pformat, "%");
>>>>>> + *m++ = '\0';
>>>>>> +- printf(b);
>>>>>> ++ __PRINT(b);
>>>>>> +
>>>>>> + /* copy all format specifiers to our format string */
>>>>>> + while (isdigit(*m) || strchr("#0-+. I", *m))
>>>>>> +@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename,
>>>>>> + }
>>>>>> + else
>>>>>> + {
>>>>>> +- printf(b);
>>>>>> ++ __PRINT(b);
>>>>>> + b = NULL;
>>>>>> + }
>>>>>> + }
>>> Is there a particular reason you used a macro for this package when all the
>>> others you submitted so far use printf(arg, NULL) directly? I think it would be
>>> good to be consistent.
>>>
>>> -Bill
>>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH] meta:recipes-extended: stat fix security gaps
@ 2016-05-17 0:19 Edwin Plauchu
0 siblings, 0 replies; 11+ messages in thread
From: Edwin Plauchu @ 2016-05-17 0:19 UTC (permalink / raw)
To: openembedded-core; +Cc: Edwin Plauchu
From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
This patch avoids stat fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9550]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
---
meta/conf/distro/include/security_flags.inc | 1 -
.../stat/stat-3.3/fix-security-format.patch | 68 ++++++++++++++++++++++
meta/recipes-extended/stat/stat_3.3.bb | 1 +
3 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 7a91cec..5ae6dd8 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
SECURITY_STRINGFORMAT_pn-kexec-tools = ""
SECURITY_STRINGFORMAT_pn-makedevs = ""
SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
-SECURITY_STRINGFORMAT_pn-stat = ""
SECURITY_STRINGFORMAT_pn-unzip = ""
SECURITY_STRINGFORMAT_pn-zip = ""
diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
new file mode 100644
index 0000000..1593b56
--- /dev/null
+++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
@@ -0,0 +1,68 @@
+meta: recipes-extended: Fixing security formatting issues on stat
+
+Fix security formatting issues related to printf without NULL argument
+
+stat.c: In function 'print_human_access':
+stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security]
+ printf (access);
+ ^
+stat.c: In function 'print_human_time':
+stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security]
+ if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
+ ^
+stat.c: In function 'print_it':
+stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security]
+ printf(b);
+ ^
+stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security]
+ printf(b);
+ ^
+
+[YOCTO #9550]
+[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
+
+Upstream-Status: Pending
+
+Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
+
+diff --git a/stat.c b/stat.c
+index 1ed07a9..7590ac4 100644
+--- a/stat.c
++++ b/stat.c
+@@ -289,15 +289,15 @@ void print_human_access(struct stat *statbuf)
+ default:
+ access[0] = '?';
+ }
+- printf (access);
++ printf (access,NULL);
+ }
+
+ void print_human_time(time_t *t)
+ {
+ char str[40];
+
+- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
+- else printf("Cannot calculate human readable time, sorry");
++ if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str,NULL);
++ else printf("Cannot calculate human readable time, sorry",NULL);
+ }
+
+ /* print statfs info */
+@@ -610,7 +610,7 @@ void print_it(char *masterformat, char *filename,
+ {
+ strcpy (pformat, "%");
+ *m++ = '\0';
+- printf(b);
++ printf(b,NULL);
+
+ /* copy all format specifiers to our format string */
+ while (isdigit(*m) || strchr("#0-+. I", *m))
+@@ -639,7 +639,7 @@ void print_it(char *masterformat, char *filename,
+ }
+ else
+ {
+- printf(b);
++ printf(b,NULL);
+ b = NULL;
+ }
+ }
diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb
index a5ece07..0697c73 100644
--- a/meta/recipes-extended/stat/stat_3.3.bb
+++ b/meta/recipes-extended/stat/stat_3.3.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \
file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \
+ file://fix-security-format.patch \
file://fix-error-return.patch"
SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3"
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread* [PATCH] meta:recipes-extended: stat fix security gaps
@ 2016-05-17 2:12 Edwin Plauchu
2016-05-17 2:40 ` Christopher Larson
0 siblings, 1 reply; 11+ messages in thread
From: Edwin Plauchu @ 2016-05-17 2:12 UTC (permalink / raw)
To: openembedded-core; +Cc: Edwin Plauchu
From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
This patch avoids stat fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
[YOCTO #9550]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
---
meta/conf/distro/include/security_flags.inc | 1 -
.../stat/stat-3.3/fix-security-format.patch | 68 ++++++++++++++++++++++
meta/recipes-extended/stat/stat_3.3.bb | 1 +
3 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 7a91cec..5ae6dd8 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
SECURITY_STRINGFORMAT_pn-kexec-tools = ""
SECURITY_STRINGFORMAT_pn-makedevs = ""
SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
-SECURITY_STRINGFORMAT_pn-stat = ""
SECURITY_STRINGFORMAT_pn-unzip = ""
SECURITY_STRINGFORMAT_pn-zip = ""
diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
new file mode 100644
index 0000000..18f9f34
--- /dev/null
+++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
@@ -0,0 +1,68 @@
+meta: recipes-extended: Fixing security formatting issues on stat
+
+Fix security formatting issues related to printf without NULL argument
+
+stat.c: In function 'print_human_access':
+stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security]
+ printf (access);
+ ^
+stat.c: In function 'print_human_time':
+stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security]
+ if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
+ ^
+stat.c: In function 'print_it':
+stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security]
+ printf(b);
+ ^
+stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security]
+ printf(b);
+ ^
+
+[YOCTO #9550]
+[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
+
+Upstream-Status: Pending
+
+Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
+
+diff --git a/stat.c b/stat.c
+index 1ed07a9..2be6f62 100644
+--- a/stat.c
++++ b/stat.c
+@@ -289,15 +289,15 @@ void print_human_access(struct stat *statbuf)
+ default:
+ access[0] = '?';
+ }
+- printf (access);
++ fputs(access,stdout);
+ }
+
+ void print_human_time(time_t *t)
+ {
+ char str[40];
+
+- if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
+- else printf("Cannot calculate human readable time, sorry");
++ if (strftime(str, 40, "%c", localtime(t)) > 0) fputs(str,stdout);
++ else fputs("Cannot calculate human readable time, sorry",stdout);
+ }
+
+ /* print statfs info */
+@@ -610,7 +610,7 @@ void print_it(char *masterformat, char *filename,
+ {
+ strcpy (pformat, "%");
+ *m++ = '\0';
+- printf(b);
++ fputs(b,stdout);
+
+ /* copy all format specifiers to our format string */
+ while (isdigit(*m) || strchr("#0-+. I", *m))
+@@ -639,7 +639,7 @@ void print_it(char *masterformat, char *filename,
+ }
+ else
+ {
+- printf(b);
++ fputs(b,stdout);
+ b = NULL;
+ }
+ }
diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb
index a5ece07..0697c73 100644
--- a/meta/recipes-extended/stat/stat_3.3.bb
+++ b/meta/recipes-extended/stat/stat_3.3.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \
file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \
+ file://fix-security-format.patch \
file://fix-error-return.patch"
SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3"
--
1.9.1
^ permalink raw reply related [flat|nested] 11+ messages in thread* Re: [PATCH] meta:recipes-extended: stat fix security gaps
2016-05-17 2:12 Edwin Plauchu
@ 2016-05-17 2:40 ` Christopher Larson
0 siblings, 0 replies; 11+ messages in thread
From: Christopher Larson @ 2016-05-17 2:40 UTC (permalink / raw)
To: Edwin Plauchu
Cc: Edwin Plauchu, Patches and discussions about the oe-core layer
[-- Attachment #1: Type: text/plain, Size: 718 bytes --]
On Mon, May 16, 2016 at 7:12 PM, Edwin Plauchu <
edwin.plauchu.camacho@linux.intel.com> wrote:
> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>
> This patch avoids stat fails to compile with compiler flags which elevate
> common string formatting issues into an error (-Wformat -Wformat-security
> -Werror=format-security).
>
> [YOCTO #9550]
>
> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>
This commit message summary violates project policy. The summary is
prefixed by the recipe or file, not its full path.
--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
[-- Attachment #2: Type: text/html, Size: 1211 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2016-05-17 2:40 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-16 20:19 [PATCH] meta:recipes-extended: stat fix security gaps edwin.plauchu.camacho
2016-05-16 21:28 ` Khem Raj
2016-05-16 21:37 ` Plauchu Edwin
2016-05-16 22:20 ` Khem Raj
2016-05-16 22:21 ` Randle, William C
2016-05-17 0:21 ` Plauchu Edwin
2016-05-17 1:02 ` Khem Raj
2016-05-17 2:15 ` Plauchu Edwin
-- strict thread matches above, loose matches on Subject: below --
2016-05-17 0:19 Edwin Plauchu
2016-05-17 2:12 Edwin Plauchu
2016-05-17 2:40 ` Christopher Larson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox