Date: Wed, 15 Aug 2001 14:01:49 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: Seth Kingsley <seth.kingsley@windriver.com> Cc: Kris Kennaway <kris@obsecurity.org>, <obrien@FreeBSD.ORG>, <audit@FreeBSD.ORG> Subject: Re: WFORMAT=1 errors Message-ID: <20010815132535.A17665-100000@besplex.bde.org> In-Reply-To: <20010814195628.F12506@meow.lab.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 14 Aug 2001, Seth Kingsley wrote:
> On Wed, Aug 15, 2001 at 11:47:55AM +1000, Bruce Evans wrote:
> > On Tue, 14 Aug 2001, Seth Kingsley wrote:
> > >
> > > struct shell_desc {
> > > const char *echo_fmt;
> > > };
> > >
> > > static struct shell_desc sh_desc = {"echo \"%s\""};
> > >
> > > sprintf(cmd, sh_desc, echo_str);
> > >
> > > Is there any way around this?
> >
> > No (modulo bugs). Format strings that have been constructed at runtime
> > (e.g., using sprintf(), or read from a message catalog) can't pass the
> > WFORMAT=1 checks, since a different construction might give buffer
> > overruns or arg mismatches.
>
> Argh, but this code snippet is clearly not in violation of those rules.
But it is. shell_desc is a trivial message catalog which you happen
never to change. In make/job.c, the message catalog is sometimes "read"
from shells[shellnum], but it is read from makefiles for the .SHELL
directive! See jobParseShell() and the make tutorial.
Bruce
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010815132535.A17665-100000>