Fix format security errors with hardening build flags

These problems were found while building with the hardening options used by Debian. In order to prevent introducing new unsafe constructs, the options -Wformat" and -Werror=format-security are addeded to the CFLAGS by configure.ac if the compiler supports them. Also, a small spelling fix in posix-aio.c is included. Change-Id: I1034311644fa3c21bc5a7b842c41a3ca79108b3f BUG: 887278 Original-author: Patrick Matthäi <pmatthaei@debian.org> Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/4311 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Anand Avati <avati@redhat.com>
author: Niels de Vos <ndevos@redhat.com> 2012-12-14 10:48:46 +0100
committer: Anand Avati <avati@redhat.com> 2013-01-16 17:44:43 -0800
commit: b9249c8f9f838c2a9c28e5c09fffddc9c8917df6 (patch)
tree: 0bb5a1010f0b4f575f7f48e700be5184e21c482c
parent: fba70e641eb52c90fa29fc26d916e4607e286779 (diff)
download: glusterfs-b9249c8f9f838c2a9c28e5c09fffddc9c8917df6.tar.gz
glusterfs-b9249c8f9f838c2a9c28e5c09fffddc9c8917df6.tar.xz
glusterfs-b9249c8f9f838c2a9c28e5c09fffddc9c8917df6.zip
6 files changed, 22 insertions, 10 deletions
diff --git a/cli/src/cli.c b/cli/src/cli.c
index a2457c2b6b..4ff1728059 100644
--- a/cli/src/cli.c
+++ b/cli/src/cli.c
@@ -298,12 +298,12 @@ cli_opt_parse (char *opt, struct cli_state *state)
                 return 1;
 
         if (strcmp (opt, "version") == 0) {
-                cli_out (argp_program_version);
+                cli_out ("%s", argp_program_version);
                 exit (0);
         }
 
         if (strcmp (opt, "print-logdir") == 0) {
-                cli_out (DEFAULT_LOG_FILE_DIRECTORY);
+                cli_out ("%s", DEFAULT_LOG_FILE_DIRECTORY);
                 exit (0);
         }
 
diff --git a/configure.ac b/configure.ac
index dec146e529..3f87a46a08 100644
--- a/configure.ac
+++ b/configure.ac
@@ -523,6 +523,18 @@ GF_HOST_OS=""
 GF_LDFLAGS="-rdynamic"
 CFLAGS="-g"
 
+# check for gcc -Werror=format-security
+saved_CFLAGS=$CFLAGS
+CFLAGS="-Wformat -Werror=format-security"
+AC_MSG_CHECKING([whether $CC accepts -Werror=format-security])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [cc_werror_format_security=yes], [cc_werror_format_security=no])
+echo $cc_werror_format_security
+if test "x$cc_werror_format_security" = "xno"; then
+    CFLAGS="$saved_CFLAGS"
+else
+    CFLAGS="$saved_CFLAGS $CFLAGS"
+fi
+
 case $host_os in
      linux*)
      dnl	GF_LINUX_HOST_OS=1
diff --git a/xlators/mgmt/glusterd/src/glusterd-handler.c b/xlators/mgmt/glusterd/src/glusterd-handler.c
index fe85eb3974..d4bdcd740a 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handler.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handler.c
@@ -1070,7 +1070,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req)
                 snprintf (msg_str, sizeof (msg_str), "volumes are already "
                           "present in the cluster. Resetting uuid is not "
                           "allowed");
-                gf_log (this->name, GF_LOG_WARNING, msg_str);
+                gf_log (this->name, GF_LOG_WARNING, "%s", msg_str);
                 goto out;
         }
 
@@ -1079,7 +1079,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req)
                 snprintf (msg_str, sizeof (msg_str),"trusted storage pool "
                           "has been already formed. Please detach this peer "
                           "from the pool and reset its uuid.");
-                gf_log (this->name, GF_LOG_WARNING, msg_str);
+                gf_log (this->name, GF_LOG_WARNING, "%s", msg_str);
                 goto out;
         }
 
@@ -1089,7 +1089,7 @@ glusterd_handle_cli_uuid_reset (rpcsvc_request_t *req)
         if (!uuid_compare (uuid, MY_UUID)) {
                 snprintf (msg_str, sizeof (msg_str), "old uuid and the new uuid"
                           " are same. Try gluster peer reset again");
-                gf_log (this->name, GF_LOG_ERROR, msg_str);
+                gf_log (this->name, GF_LOG_ERROR, "%s", msg_str);
                 ret = -1;
                 goto out;
         }
diff --git a/xlators/mgmt/glusterd/src/glusterd-op-sm.c b/xlators/mgmt/glusterd/src/glusterd-op-sm.c
index 6ef0b21c5a..69e6fad85a 100644
--- a/xlators/mgmt/glusterd/src/glusterd-op-sm.c
+++ b/xlators/mgmt/glusterd/src/glusterd-op-sm.c
@@ -1431,7 +1431,7 @@ glusterd_op_set_volume (dict_t *dict)
                 if (ret) {
                         op_errstr = (op_errstr)? op_errstr:
                                      "Volume set help internal error";
-                        gf_log (this->name, GF_LOG_ERROR, op_errstr);
+                        gf_log (this->name, GF_LOG_ERROR, "%s", op_errstr);
                 }
                 goto out;
          }
@@ -2678,7 +2678,7 @@ glusterd_op_ac_send_stage_op (glusterd_op_sm_event_t *event, void *ctx)
 
         ret = glusterd_op_validate_quorum (this, op, dict, &op_errstr);
         if (ret) {
-                gf_log (this->name, GF_LOG_ERROR, op_errstr);
+                gf_log (this->name, GF_LOG_ERROR, "%s", op_errstr);
                 opinfo.op_errstr = op_errstr;
                 goto out;
         }
diff --git a/xlators/mgmt/glusterd/src/glusterd-replace-brick.c b/xlators/mgmt/glusterd/src/glusterd-replace-brick.c
index 7e4d8c78b2..c57be5196e 100644
--- a/xlators/mgmt/glusterd/src/glusterd-replace-brick.c
+++ b/xlators/mgmt/glusterd/src/glusterd-replace-brick.c
@@ -321,7 +321,7 @@ glusterd_op_stage_replace_brick (dict_t *dict, char **op_errstr,
                 if (glusterd_is_rb_started (volinfo)) {
                         snprintf (msg, sizeof (msg), "Replace brick is already "
                                   "started for volume");
-                        gf_log (this->name, GF_LOG_ERROR, msg);
+                        gf_log (this->name, GF_LOG_ERROR, "%s", msg);
                         *op_errstr = gf_strdup (msg);
                         ret = -1;
                         goto out;
@@ -487,7 +487,7 @@ glusterd_op_stage_replace_brick (dict_t *dict, char **op_errstr,
         if (ret) {
                 *op_errstr = gf_strdup (msg);
                 ret = -1;
-                gf_log (this->name, GF_LOG_ERROR, *op_errstr);
+                gf_log (this->name, GF_LOG_ERROR, "%s", *op_errstr);
                 goto out;
         }
 
diff --git a/xlators/storage/posix/src/posix-aio.c b/xlators/storage/posix/src/posix-aio.c
index f807618ce1..fad4a7df3d 100644
--- a/xlators/storage/posix/src/posix-aio.c
+++ b/xlators/storage/posix/src/posix-aio.c
@@ -566,7 +566,7 @@ __posix_fd_set_odirect (fd_t *fd, struct posix_fd *pfd, int opflags,
 {
         xlator_t        *this = THIS;
         gf_log (this->name, GF_LOG_INFO,
-                "Linux AIO not availble at build-time."
+                "Linux AIO not available at build-time."
                 " Continuing with synchronous IO");
         return;
 }
author	Niels de Vos <ndevos@redhat.com>	2012-12-14 10:48:46 +0100
committer	Anand Avati <avati@redhat.com>	2013-01-16 17:44:43 -0800
commit	b9249c8f9f838c2a9c28e5c09fffddc9c8917df6 (patch)
tree	0bb5a1010f0b4f575f7f48e700be5184e21c482c
parent	fba70e641eb52c90fa29fc26d916e4607e286779 (diff)
download	glusterfs-b9249c8f9f838c2a9c28e5c09fffddc9c8917df6.tar.gz glusterfs-b9249c8f9f838c2a9c28e5c09fffddc9c8917df6.tar.xz glusterfs-b9249c8f9f838c2a9c28e5c09fffddc9c8917df6.zip