[INN] #140: Fix format-nonliteral warnings
rra at stanford.edu
Sun Jul 31 20:04:54 UTC 2016
Reporter: iulius | Owner:
Type: defect | Status: new
Priority: low | Milestone: 2.7.0
Component: general | Version: 2.6.0
Severity: normal | Keywords:
To build with GCC "-Wformat-nonliteral" warning on,  suppressed a
few checks in the code, waiting to be properly fixed.
    #pragma GCC diagnostic ignored "-Wformat-nonliteral"
        snprintf(address, sizeof(address), save, name);
    #pragma GCC diagnostic warning "-Wformat-nonliteral"
GCC 4.4.7 cannot build INN because pragmas are not allowed inside
functions for old GCC versions.
So these pragmas were suppressed in STABLE 2.6 with .
They are still present in CURRENT 2.7. They need to be fixed before the
release of 2.7.0.
Here is what Russ Allbery suggests:
"printf provides a full formatting language, of which INN
only wants one very specific feature. Using it this way is questionable
from a security standpoint, since any bogus moderator pattern could
produce all sorts of buffer overflow problems and other issues.
I think the best fix is to write a function that expands the address by
doing something like:
1. Determine the length of the full address as the length of the pattern,
plus the length of the newsgroup name if %s was found in the pattern,
minus the count of occurrences of %% in the pattern.
2. Allocate enough memory to hold the result as a string.
3. Copy the pattern to the output buffer until %% or %s is found, copying
% for the former and the mangled group name for the latter.
This requires writing some irritating string manipulation code in C, but
one only has to do it once, throw some test programs at it, and then there
are no more worries about someone finding a way to abuse INN's reuse of
sprintf for something it wasn't really intended for."
Ticket URL: <http://inn.eyrie.org/trac/ticket/140>
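A sketch of the expansion function outlined in the three steps quoted above, as an added example that is not part of the ticket or of INN's code. The name expand_address is hypothetical, the group name is assumed to be already mangled by the caller, and the sketch goes slightly beyond the outline by expanding every %s and rejecting any % sequence other than %s and %%.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not INN code): expand a moderator address pattern in
   which only %s (the already-mangled group name) and %% (a literal %) are
   valid.  Returns a malloc'd string, or NULL on a bad pattern or no memory. */
char *expand_address(const char *pattern, const char *name)
{
    size_t namelen = strlen(name), length = 0;
    const char *p;
    char *result, *out;
    /* Pass 1: validate every % sequence and compute the exact output size. */
    for (p = pattern; *p != '\0'; p++) {
        if (*p != '%')
            length++;
        else if (*++p == '%')
            length++;
        else if (*p == 's' && namelen < SIZE_MAX - length)
            length += namelen;
        else
            return NULL; /* %n, %d, %10s, a trailing %, or size overflow */
    }
    /* Pass 2: copy; the name is inserted as data and never re-scanned. */
    result = out = malloc(length + 1);
    if (result == NULL)
        return NULL;
    for (p = pattern; *p != '\0'; p++) {
        if (*p != '%') {
            *out++ = *p;
        } else if (*++p == '%') {
            *out++ = '%';
        } else {
            memcpy(out, name, namelen);
            out += namelen;
        }
    }
    *out = '\0';
    return result;
}

int main(void)
{
    /* Constructed sample pattern and group name. */
    char *address = expand_address("%s@moderators.example", "comp-lang-c");
    printf("%s\n", address != NULL ? address : "(invalid pattern)");
    free(address);
    return 0;
}
```

Because the pattern is walked by hand, a bogus pattern can only yield NULL, and the buffer is sized from the same scan that validates it.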