[INN] #140: Fix format-nonliteral warnings

INN rra at stanford.edu
Sun Jul 31 20:04:54 UTC 2016

#140: Fix format-nonliteral warnings
 Reporter:  iulius   |      Owner:
     Type:  defect   |     Status:  new
 Priority:  low      |  Milestone:  2.7.0
Component:  general  |    Version:  2.6.0
 Severity:  normal   |   Keywords:
 To build with GCC "-Wformat-nonliteral" warning on, [9911] suppressed a
 few checks in the code, waiting to be properly fixed.
 For instance:

 #pragma GCC diagnostic ignored "-Wformat-nonliteral"
   snprintf(address, sizeof(address), save, name);
 #pragma GCC diagnostic warning "-Wformat-nonliteral"

 GCC 4.4.7 cannot build INN because pragmas are not allowed inside
 functions for old GCC versions.
 So these pragmas were suppressed in STABLE 2.6 with [10040].

 They are still present in CURRENT 2.7.  They need being fixed before the
 release of 2.7.0.

 Here is what Russ Allbery suggests:

 "printf provides a full formatting language, of which INN
 only wants one very specific feature.  Using it this way is questionable
 from a security standpoint, since any bogus moderator pattern could
 produce all sorts of buffer overflow problems and other issues.

 I think the best fix is to write a function that expands the address by
 doing something like:

 1. Determine the length of the full address as the length of the pattern,
    plus the length of the newsgroup name if %s was found in the pattern,
    minus the count of occurrences of %% in the pattern.

 2. Allocate enough memory to hold the result as a string.

 3. Copy the pattern to the output buffer until %% or %s is found, copying
    % for the former and the mangled group name for the latter.

 This requires writing some irritating string manipulation code in C, but
 one only has to do it once, throw some test programs at it, and then there
 are no more worries about someone finding a way to abuse INN's reuse of
 sprintf for something it wasn't really intended for."

Ticket URL: <http://inn.eyrie.org/trac/ticket/140>
INN <http://www.eyrie.org/~eagle/software/inn/>

More information about the inn-bugs mailing list