INN commit: trunk (17 files)

INN Commit rra at isc.org
Sat Jul 4 21:32:56 UTC 2015


    Date: Saturday, July 4, 2015 @ 14:32:56
  Author: iulius
Revision: 9911

Check for new warnings when running "make warnings"

Add the following flags:
-Wformat=2 -Wmissing-include-dirs -Wtrampolines
-Wjump-misses-init -Winvalid-pch

Using -Wformat=2 checks the use of string literals and permits to detect
where security should be tightened (see ticket #136).

Modified:
  trunk/Makefile.global.in
  trunk/backends/batcher.c
  trunk/backends/buffchan.c
  trunk/backends/innxmit.c
  trunk/backends/ninpaths.c
  trunk/backends/shlock.c
  trunk/frontends/inews.c
  trunk/frontends/rnews.c
  trunk/innd/ng.c
  trunk/innd/site.c
  trunk/innd/util.c
  trunk/innfeed/imap_connection.c
  trunk/innfeed/misc.c
  trunk/lib/getmodaddr.c
  trunk/nnrpd/post.c
  trunk/support/getc-tap-harness
  trunk/tests/tap/basic.c

---------------------------+
 Makefile.global.in        |   19 ++++++++++++-------
 backends/batcher.c        |    4 ++++
 backends/buffchan.c       |    4 +++-
 backends/innxmit.c        |   26 ++++++++++++--------------
 backends/ninpaths.c       |    2 ++
 backends/shlock.c         |   16 ++++++++--------
 frontends/inews.c         |    4 ++--
 frontends/rnews.c         |    4 ++++
 innd/ng.c                 |    4 ++--
 innd/site.c               |    8 ++++++--
 innd/util.c               |    5 +++--
 innfeed/imap_connection.c |    4 ++++
 innfeed/misc.c            |    2 ++
 lib/getmodaddr.c          |    4 ++++
 nnrpd/post.c              |   20 ++++++++++++--------
 support/getc-tap-harness  |    4 ++++
 tests/tap/basic.c         |    4 ++++
 17 files changed, 88 insertions(+), 46 deletions(-)

Modified: Makefile.global.in
===================================================================
--- Makefile.global.in	2015-07-04 21:02:48 UTC (rev 9910)
+++ Makefile.global.in	2015-07-04 21:32:56 UTC (rev 9911)
@@ -58,6 +58,7 @@
 ##
 ##    -ansi                 Requires messing with feature test macros.
 ##    -pedantic             Too much noise from embedded Perl.
+##    -Wdouble-promotion    Too much noise from using printf with floats.
 ##    -Wswitch-default      Quite annoying to enforce it.
 ##    -Wstrict-overflow=2   Gives false positives.
 ##    -Wtraditional         We assume ANSI C, so these aren't interesting.
@@ -75,13 +76,14 @@
 ##    -Wpacked              Used by INN.
 ##    -Wpadded              Used by INN.
 ##    -Wredundant-decls     Too much noise from system headers.
+##    -Wlong-long           Too much noise from system headers.
 ##    -Woverlength-strings  Useless noise.
 ##
 ##  Some may be worth looking at again once a released version of gcc doesn't
 ##  warn on system headers.  The warnings below are in the same order as
 ##  they're listed in the gcc manual.
 ##
-##  Last checked against gcc 4.4.5 (2010-10-01).
+##  Last checked against gcc 4.7.4 (2014-06-12).
 ##  Add -g because when building with warnings, one generally also wants the
 ##  debugging information, and add -O2 because gcc won't find some warnings
 ##  without optimization turned on.  Add -DDEBUG=1 so that we'll also
@@ -90,16 +92,19 @@
 ##  -D_FORTIFY_SOURCE=2 enables warn_unused_result attribute markings
 ##  on glibc functions on Linux, as well as more object size checking,
 ##  which catches a few more issues.
-##  -Wformat=2, -Wswitch-enum, -Wfloat-equal, -Wlogical-op,
+##  -Wswitch-enum, -Wfloat-equal, -Wlogical-op,
 ##  "-Wconversion -Wno-sign-conversion", -Wmissing-format-attribute
 ##  -Wunreachable-code, -Wstack-protector, -Wdeclaration-after-statement
 
-WARNINGS	= -g -O2 -DDEBUG=1 -Werror -Wall -Wextra -Winit-self \
-                  -Wsync-nand -Wendif-labels -Wpointer-arith \
+WARNINGS	= -g -O2 -DDEBUG=1 -Werror -Wall -Wextra -Wformat=2 \
+		  -Winit-self -Wmissing-include-dirs \
+		  -Wsync-nand -Wendif-labels -Wtrampolines -Wpointer-arith \
 		  -Wbad-function-cast -Wcast-align -Wwrite-strings \
-		  -Wstrict-prototypes -Wold-style-definition \
-                  -Wmissing-prototypes -Wmissing-declarations \
-                  -Wnormalized=nfc -Wnested-externs -Winline -Wvla
+		  -Wjump-misses-init -Wstrict-prototypes \
+		  -Wold-style-definition \
+		  -Wmissing-prototypes -Wmissing-declarations \
+		  -Wnormalized=nfc -Wnested-externs -Winline \
+		  -Winvalid-pch -Wvla
 
 ##  Some warnings have to be suppressed for Perl, since there's no way to work
 ##  around the Perl header problems in INN code.

Modified: backends/batcher.c
===================================================================
--- backends/batcher.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ backends/batcher.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -54,7 +54,9 @@
     char	buff[SMBUF];
 
     if (Processor && *Processor) {
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
 	snprintf(buff, sizeof(buff), Processor, Host);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
 	F = popen(buff, "w");
 	if (F == NULL)
 	    return NULL;
@@ -370,7 +372,9 @@
     SendIt:
 	/* Now we can start to send the article! */
 	if (Separator && *Separator) {
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
 	    snprintf(buff, sizeof(buff), Separator, BytesInArt);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
 	    BytesInCB += strlen(buff) + 1;
 	    BytesWritten += strlen(buff) + 1;
 	    if (fprintf(F, "%s\n", buff) == EOF || ferror(F)) {

Modified: backends/buffchan.c
===================================================================
--- backends/buffchan.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ backends/buffchan.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -179,7 +179,9 @@
 
     /* Fill in the structure for the new site. */
     sp->Name = xstrdup(Name);
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
     snprintf(buff, sizeof(buff), Format, Map ? MAPname(Name) : sp->Name);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
     sp->Filename = xstrdup(buff);
     if (BufferMode == 'u')
 	sp->Buffer = NULL;
@@ -379,7 +381,7 @@
 	case 'd':
 	    Directory = optarg;
 	    if (Format == NULL)
-		Format =xstrdup("%s");
+                Format = xstrdup("%s");
 	    break;
 	case 'f':
 	    Fields = atoi(optarg);

Modified: backends/innxmit.c
===================================================================
--- backends/innxmit.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ backends/innxmit.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -95,19 +95,18 @@
 /*
 **  Syslog formats - collected together so they remain consistent.
 */
-static char	STAT1[] =
-	"%s stats offered %lu accepted %lu refused %lu rejected %lu missing %lu accsize %.0f rejsize %.0f";
-static char	STAT2[] = "%s times user %.3f system %.3f elapsed %.3f";
-static char	GOT_BADCOMMAND[] = "%s rejected %s %s";
-static char	REJECTED[] = "%s rejected %s (%s) %s";
-static char	REJ_STREAM[] = "%s rejected (%s) %s";
-static char	CANT_CONNECT[] = "%s connect failed %s";
-static char	CANT_AUTHENTICATE[] = "%s authenticate failed %s";
-static char	IHAVE_FAIL[] = "%s ihave failed %s";
+#define STAT1 "%s stats offered %lu accepted %lu refused %lu rejected %lu missing %lu accsize %.0f rejsize %.0f"
+#define STAT2 "%s times user %.3f system %.3f elapsed %.3f"
+#define GOT_BADCOMMAND "%s rejected %s %s"
+#define REJECTED "%s rejected %s (%s) %s"
+#define REJ_STREAM "%s rejected (%s) %s"
+#define CANT_CONNECT "%s connect failed %s"
+#define CANT_AUTHENTICATE "%s authenticate failed %s"
+#define IHAVE_FAIL "%s ihave failed %s"
 
-static char	CANT_FINDIT[] = "%s can't find %s";
-static char	CANT_PARSEIT[] = "%s can't parse ID %s";
-static char	UNEXPECTED[] = "%s unexpected response code %s";
+#define CANT_FINDIT "%s can't find %s"
+#define CANT_PARSEIT "%s can't parse ID %s"
+#define UNEXPECTED "%s unexpected response code %s"
 
 /*
 **  Global variables.
@@ -1006,7 +1005,6 @@
 
 
 int main(int ac, char *av[]) {
-    static char		SKIPPING[] = "Skipping \"%s\" --%s?\n";
     int	                i;
     char	        *p;
     ARTHANDLE		*art;
@@ -1339,7 +1337,7 @@
 	/* Get the Message-ID from the article if we need to. */
 	if (MessageID == NULL) {
 	    if ((MessageID = GetMessageID(art)) == NULL) {
-                warn(SKIPPING, Article, "no message ID");
+                warn("Skipping \"%s\" -- %s?\n", Article, "no message ID");
                 article_free(art);
 		continue;
 	    }

Modified: backends/ninpaths.c
===================================================================
--- backends/ninpaths.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ backends/ninpaths.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -199,7 +199,9 @@
 	writedump(stdout);
 	return;
     }
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
     snprintf(buf, sizeof(buf), n, time(0));
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
     d=fopen(buf, "w");
     if (d) {
 	if (writedump(d)<0)

Modified: backends/shlock.c
===================================================================
--- backends/shlock.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ backends/shlock.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -19,14 +19,14 @@
 static bool BinaryLock;
 static bool JustChecking;
 
-static char CANTUNLINK[] = "shlock: Can't unlink \"%s\", %s";
-static char CANTOPEN[] = "shlock: Can't open \"%s\", %s";
-static char CANTCHDIR[] = "shlock: Can't chdir to \"%s\", %s";
-static char CANTWRITEPID[] = "shlock: Can't write PID to \"%s\", %s";
-static char CANTCLOSE[] = "shlock: Can't close \"%s\", %s";
-static char CANTLINK[] = "shlock: Can't link \"%s\" to \"%s\", %s";
-static char STALELOCK[] = "shlock: Stale lockfile detected \"%s\", please remove";
-static char CANTSTAT[] = "shlock: Can't stat \"%s\", %s";
+#define CANTUNLINK "shlock: Can't unlink \"%s\", %s"
+#define CANTOPEN "shlock: Can't open \"%s\", %s"
+#define CANTCHDIR "shlock: Can't chdir to \"%s\", %s"
+#define CANTWRITEPID "shlock: Can't write PID to \"%s\", %s"
+#define CANTCLOSE "shlock: Can't close \"%s\", %s"
+#define CANTLINK "shlock: Can't link \"%s\" to \"%s\", %s"
+#define STALELOCK "shlock: Stale lockfile detected \"%s\", please remove"
+#define CANTSTAT "shlock: Can't stat \"%s\", %s"
 
 /* After this time, we start to complain about an invalid locked lockfile. */
 #define LINK_TIMEOUT 30

Modified: frontends/inews.c
===================================================================
--- frontends/inews.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ frontends/inews.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -663,7 +663,6 @@
 static char *
 AppendSignature(bool UseMalloc, char *article, char *homedir, int *linesp)
 {
-    static char	NOSIG[] = "Can't add your .signature (%s), article not posted";
     int		i;
     int		length;
     size_t      artsize;
@@ -679,7 +678,8 @@
     if ((F = fopen(buff, "r")) == NULL) {
 	if (errno == ENOENT)
 	    return article;
-	fprintf(stderr, NOSIG, strerror(errno));
+        fprintf(stderr, "Can't add your .signature (%s), article not posted",
+                strerror(errno));
 	QuitServer(1);
     }
 

Modified: frontends/rnews.c
===================================================================
--- frontends/rnews.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ frontends/rnews.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -170,10 +170,14 @@
     int fd;
 #endif	/* defined(DO_RNEWS_SAVE_BAD) */
 
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
     notice(reason, arg);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
     if (Verbose) {
 	fprintf(stderr, "%s: ", InputFile);
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
 	fprintf(stderr, reason, arg);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
 	fprintf(stderr, " [%.40s...]\n", article);
     }
 

Modified: innd/ng.c
===================================================================
--- innd/ng.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ innd/ng.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -323,8 +323,8 @@
 /*
 **  Renumber a group.
 */
-static char		NORENUMBER[] = "%s cant renumber %s %s too wide";
-static char		RENUMBER[] = "%s renumber %s %s from %ld to %ld";
+#define NORENUMBER "%s cant renumber %s %s too wide"
+#define RENUMBER "%s renumber %s %s from %ld to %ld"
 
 bool
 NGrenumber(NEWSGROUP *ngp)

Modified: innd/site.c
===================================================================
--- innd/site.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ innd/site.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -530,11 +530,15 @@
 	    strlcat(temp, sp->FNLnames.data, i + 1);
 	    strlcat(temp, &p[1], i + 1);
 	    *p = '*';
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
 	    snprintf(buff, sizeof(buff), temp, Data->TokenText);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
 	    free(temp);
-	}
-	else
+	} else {
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
 	    snprintf(buff, sizeof(buff), sp->Param, Data->TokenText);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
+        }
 
 	if (NeedShell(buff, (const char **)argv, (const char **)ARRAY_END(argv))) {
 	    argv[0] = SITEshell;

Modified: innd/util.c
===================================================================
--- innd/util.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ innd/util.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -189,6 +189,9 @@
 }
 
 
+#define NOCLOSE "%s cant close %d in %s %m"
+#define NODUP2 "%s cant dup2 %d to %d in %s %m"
+
 /*
 **  Spawn a process, with I/O redirected as needed.  Return the PID or -1
 **  (and a syslog'd message) on error.
@@ -196,8 +199,6 @@
 pid_t
 Spawn(int niceval, int fd0, int fd1, int fd2, char * const av[])
 {
-    static char NOCLOSE[] = "%s cant close %d in %s %m";
-    static char NODUP2[] = "%s cant dup2 %d to %d in %s %m";
     pid_t       i;
 
     /* Fork; on error, give up.  If not using the patched dbz, make

Modified: innfeed/imap_connection.c
===================================================================
--- innfeed/imap_connection.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ innfeed/imap_connection.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -3650,7 +3650,9 @@
 
     c = newrcpt[newrcptlen];
     newrcpt[newrcptlen] = '\0';
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
     size += snprintf((*out) + size, newsize - size, deliver_rcpt_to, newrcpt);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
     newrcpt[newrcptlen] = c;
 
     strlcpy((*out) + size, ">\r\n", newsize - size);
@@ -3725,7 +3727,9 @@
 
     c = newrcpt[newrcptlen];
     newrcpt[newrcptlen] = '\0';
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
     size += snprintf((*out) + size, newsize - size, deliver_to_header,newrcpt);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
     newrcpt[newrcptlen] = c;
 
     strlcpy((*out) + size, ">", newsize - size);

Modified: innfeed/misc.c
===================================================================
--- innfeed/misc.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ innfeed/misc.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -593,8 +593,10 @@
 {
   static const char defaultFormat[] = "%a %b %d %H:%M:%S %Y" ;
   const struct tm *const tm = localtime(&t);
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
   strftime (buffer, size,
     timeToStringFormat == 0 ? defaultFormat : timeToStringFormat, tm);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
   return buffer;
 }
 

Modified: lib/getmodaddr.c
===================================================================
--- lib/getmodaddr.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ lib/getmodaddr.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -201,7 +201,9 @@
 		    if (*p == '.')
 			*p = '-';
                 if (IsValidSubmissionTemplate(save)) {
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
                     snprintf(address, sizeof(address), save, name);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
                     break;
                 }
 	    }
@@ -221,7 +223,9 @@
 	    *p = '-';
 
     if (IsValidSubmissionTemplate(save)) {
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
         snprintf(address, sizeof(address), save, name);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
     } else {
         return NULL;
     }

Modified: nnrpd/post.c
===================================================================
--- nnrpd/post.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ nnrpd/post.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -696,7 +696,9 @@
      * in case %s isn't in inconf->mta) and send the headers. */
     if ((mta = innconf->mta) == NULL)
 	return "Can't start mailer -- mta not set";
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
     snprintf(buff, sizeof(buff), innconf->mta, address);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
     if ((F = popen(buff, "w")) == NULL)
 	return "Can't start mailer";
     fprintf(F, "To: %s\n", address);
@@ -884,13 +886,12 @@
 static int
 OfferArticle(char *buff, int buffsize, FILE *FromServer, FILE *ToServer)
 {
-    static char		CANTSEND[] = "Can't send %s to server, %s";
-
     /* We have a valid message-ID here (checked beforehand). */
     fprintf(ToServer, "IHAVE %s\r\n", HDR(HDR__MESSAGEID));
     if (FLUSH_ERROR(ToServer)
      || fgets(buff, buffsize, FromServer) == NULL) {
-	snprintf(buff, buffsize, CANTSEND, "IHAVE", strerror(errno));
+        snprintf(buff, buffsize, "Can't send %s to server, %s",
+                 "IHAVE", strerror(errno));
 	return -1;
     }
     return atoi(buff);
@@ -1043,7 +1044,6 @@
 const char *
 ARTpost(char *article, char *idbuff, bool *permanent)
 {
-    static char	CANTSEND[] = "Can't send %s to server, %s";
     int		i;
     char	*p, *q;
     char	*next;
@@ -1236,9 +1236,11 @@
     if (i < 0) {
 	if (buff[0])
 	    strlcpy(Error, buff, sizeof(Error));
-	else
-	    snprintf(Error, sizeof(Error), CANTSEND, "connect request",
+        else {
+            snprintf(Error, sizeof(Error),
+                     "Can't send connect request to server, %s",
                      strerror(errno));
+        }
         return Spoolit(article,Error);
     }
 
@@ -1310,7 +1312,8 @@
     }
     fprintf(ToServer, "\r\n");
     if (FLUSH_ERROR(ToServer)) {
-	snprintf(Error, sizeof(Error), CANTSEND, "headers", strerror(errno));
+        snprintf(Error, sizeof(Error), "Can't send headers to server, %s",
+                 strerror(errno));
 	fclose(FromServer);
 	fclose(ToServer);
 	return Spoolit(article, Error);
@@ -1319,7 +1322,8 @@
     /* Send the article, get the server's reply. */
     if (NNTPsendarticle(article, ToServer, true) < 0
      || fgets(buff, sizeof buff, FromServer) == NULL) {
-	snprintf(Error, sizeof(Error), CANTSEND, "article", strerror(errno));
+        snprintf(Error, sizeof(Error), "Can't send article to server, %s",
+                 strerror(errno));
 	fclose(FromServer);
 	fclose(ToServer);
 	return Spoolit(article, Error);

Modified: support/getc-tap-harness
===================================================================
--- support/getc-tap-harness	2015-07-04 21:02:48 UTC (rev 9910)
+++ support/getc-tap-harness	2015-07-04 21:32:56 UTC (rev 9911)
@@ -93,7 +93,9 @@
 void\\
 skip(int n UNUSED, const char *reason)\\
 {\\
+#pragma GCC diagnostic ignored \"-Wformat-nonliteral\"\\
     new_skip(reason, NULL);\\
+#pragma GCC diagnostic warning \"-Wformat-nonliteral\"\\
 }\\
 \\
 void\\
@@ -105,7 +107,9 @@
 void\\
 skip_block(int n UNUSED, int count, const char *reason)\\
 {\\
+#pragma GCC diagnostic ignored \"-Wformat-nonliteral\"\\
     new_skip_block(count, reason, NULL);\\
+#pragma GCC diagnostic warning \"-Wformat-nonliteral\"\\
 }\\
 \\
 void\\

Modified: tests/tap/basic.c
===================================================================
--- tests/tap/basic.c	2015-07-04 21:02:48 UTC (rev 9910)
+++ tests/tap/basic.c	2015-07-04 21:32:56 UTC (rev 9911)
@@ -72,7 +72,9 @@
 void
 skip(int n UNUSED, const char *reason)
 {
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
     new_skip(reason, NULL);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
 }
 
 void
@@ -84,7 +86,9 @@
 void
 skip_block(int n UNUSED, int count, const char *reason)
 {
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
     new_skip_block(count, reason, NULL);
+#pragma GCC diagnostic warning "-Wformat-nonliteral"
 }
 
 void



More information about the inn-committers mailing list