[OE-core] [PATCH] meta:recipes-extended: stat fix security gaps

Khem Raj raj.khem at gmail.com
Mon May 16 21:28:02 UTC 2016 

> On May 16, 2016, at 1:19 PM, edwin.plauchu.camacho at linux.intel.com wrote:
> 
> From: Edwin Plauchu <edwin.plauchu.camacho at intel.com>
> 
> This patch avoids stat fails to compile with compiler flags which elevate common string formatting issues into an error (-Wformat -Wformat-security -Werror=format-security).
> 
> [YOCTO #9550]
> 
> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho at intel.com>
> ---
> meta/conf/distro/include/security_flags.inc        |  1 -
> .../stat/stat-3.3/fix-security-format.patch        | 77 ++++++++++++++++++++++
> meta/recipes-extended/stat/stat_3.3.bb             |  1 +
> 3 files changed, 78 insertions(+), 1 deletion(-)
> create mode 100644 meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
> 
> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> index 7a91cec..5ae6dd8 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -105,7 +105,6 @@ SECURITY_STRINGFORMAT_pn-gettext = ""
> SECURITY_STRINGFORMAT_pn-kexec-tools = ""
> SECURITY_STRINGFORMAT_pn-makedevs = ""
> SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
> -SECURITY_STRINGFORMAT_pn-stat = ""
> SECURITY_STRINGFORMAT_pn-unzip = ""
> SECURITY_STRINGFORMAT_pn-zip = ""
> 
> diff --git a/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
> new file mode 100644
> index 0000000..7d9f8df
> --- /dev/null
> +++ b/meta/recipes-extended/stat/stat-3.3/fix-security-format.patch
> @@ -0,0 +1,77 @@
> +meta: recipes-extended: Fixing security formatting issues on stat
> +
> +Fix security formatting issues related to printf without NULL argument
> +
> +stat.c: In function 'print_human_access':
> +stat.c:292:13: error: format not a string literal and no format arguments [-Werror=format-security]
> +     printf (access);
> +             ^
> +stat.c: In function 'print_human_time':
> +stat.c:299:57: error: format not a string literal and no format arguments [-Werror=format-security]
> +   if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
> +                                                         ^
> +stat.c: In function 'print_it':
> +stat.c:613:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +      printf(b);
> +      ^
> +stat.c:642:6: error: format not a string literal and no format arguments [-Werror=format-security]
> +      printf(b);
> +      ^
> +
> +[YOCTO #9550]
> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9550]
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho at intel.com>
> +
> +diff --git a/stat.c b/stat.c
> +index 1ed07a9..351ab54 100644
> +--- a/stat.c
> ++++ b/stat.c
> +@@ -21,6 +21,8 @@
> +
> + #include "fs.h"
> +
> ++#define __PRINT(STR) printf (STR,NULL)
> ++

Can we use proper formatting string here something like
printf(“%s”, access );

or use fputs() Call instead

> + void print_human_type(unsigned short mode)
> + {
> +   switch (mode & S_IFMT)
> +@@ -289,15 +291,15 @@ void print_human_access(struct stat *statbuf)
> +     default:
> +       access[0] = '?';
> +     }
> +-    printf (access);
> ++    __PRINT(access);
> + }
> +
> + void print_human_time(time_t *t)
> + {
> +   char str[40];
> +
> +-  if (strftime(str, 40, "%c", localtime(t)) > 0) printf(str);
> +-  else printf("Cannot calculate human readable time, sorry");
> ++  if (strftime(str, 40, "%c", localtime(t)) > 0) __PRINT(str);
> ++  else __PRINT("Cannot calculate human readable time, sorry");
> + }
> +
> + /* print statfs info */
> +@@ -610,7 +612,7 @@ void print_it(char *masterformat, char *filename,
> + 	{
> + 	    strcpy (pformat, "%");
> + 	    *m++ = '\0';
> +-	    printf(b);
> ++	    __PRINT(b);
> +
> + 	    /* copy all format specifiers to our format string */
> + 	    while (isdigit(*m) || strchr("#0-+. I", *m))
> +@@ -639,7 +641,7 @@ void print_it(char *masterformat, char *filename,
> + 	}
> + 	else
> + 	{
> +-	    printf(b);
> ++	    __PRINT(b);
> + 	    b = NULL;
> + 	}
> +     }
> diff --git a/meta/recipes-extended/stat/stat_3.3.bb b/meta/recipes-extended/stat/stat_3.3.bb
> index a5ece07..0697c73 100644
> --- a/meta/recipes-extended/stat/stat_3.3.bb
> +++ b/meta/recipes-extended/stat/stat_3.3.bb
> @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=39886b077fd072e876e5c4c16310b631 \
>                     file://GPL;md5=94d55d512a9ba36caa9b7df079bae19f"
> 
> SRC_URI = "http://www.ibiblio.org/pub/Linux/utils/file/${BP}.tar.gz \
> +           file://fix-security-format.patch \
>            file://fix-error-return.patch"
> 
> SRC_URI[md5sum] = "37e247e8e400ad9205f1b0500b728fd3"
> --
> 1.9.1
> 
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20160516/50cc3470/attachment-0002.sig>

More information about the Openembedded-core mailing list