Improve security by avoiding buffer overflows

This patch adds compiler flags to improve the security of STX code.
Flags added:
Format string vulnerabilities: CFLAGS="-Wformat -Wformat-security"
Compiler will treat string format warnings as errors,
so at compiling level, buffer overflow is avoided.

Story: 2004380
Task: 28823

Signed-off-by: Luis Botello  <luis.botello.ortega@intel.com>
Reviewed-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
             Victor Rodriguez <vm.rod25@gmail.com>
Suggested-by: Victor Rodriguez <vm.rod25@gmail.com>
             Erich Cordoba <erich.cordoba.malibran@intel.com>

Change-Id: I45a0002288db434bc79c477c231f900e477347a1
This commit is contained in:
Luis Botello 2019-01-09 05:24:27 -06:00
parent ff1b69302e
commit 196c036013
5 changed files with 12 additions and 11 deletions

View File

@ -120,7 +120,7 @@ SRCS+=sm_cluster_hbs_info_msg.cpp
OBJS= $(SRCS:.c=.o)
CCFLAGS= -g -O2 -Wall -Werror -Wformat -std=c++11
EXTRACCFLAGS= -D__STDC_FORMAT_MACROS
EXTRACCFLAGS= -D__STDC_FORMAT_MACROS -Wformat -Wformat-security
LDLIBS= -lsqlite3 -lglib-2.0 -luuid -lpthread -lrt -lsm_common -lsm_db -lfmcommon -ljson-c -lcrypto -lssl
LDFLAGS = -rdynamic

View File

@ -1297,7 +1297,8 @@ static void sm_alarm_thread_audit( const char entity_instance[] )
return;
}
snprintf( fm_entity_instance_id, FM_MAX_BUFFER_LENGTH, entity_instance );
snprintf( fm_entity_instance_id, FM_MAX_BUFFER_LENGTH, "%s",
entity_instance );
fm_error = fm_get_faults_wrapper( &fm_entity_instance_id, fm_alarm_data,
&fm_total_alarms );

View File

@ -62,7 +62,7 @@ SmErrorT sm_configuration_table_get( const char* key, char* buf, unsigned int bu
if( 0 != count )
{
snprintf( buf, buf_size, value.value );
snprintf( buf, buf_size, "%s", value.value );
}else
{
buf[0] = '\0';

View File

@ -15,9 +15,9 @@ SRCS+=sm_thread_health.c
SRCS+=sm_utils.c
SRCS+=sm_node_utils.c
SRCS+=sm_node_stats.c
SRCS+=sm_selobj.c
SRCS+=sm_time.c
SRCS+=sm_timer.c
SRCS+=sm_selobj.c
SRCS+=sm_time.c
SRCS+=sm_timer.c
SRCS+=sm_netlink.c
SRCS+=sm_hw.c
SRCS+=sm_uuid.c
@ -28,7 +28,7 @@ SRCS+=sm_util_types.c
OBJS = $(SRCS:.c=.o)
CCFLAGS= -fPIC -g -O2 -Wall -Werror -std=c++11
EXTRACCFLAGS= -D__STDC_FORMAT_MACROS -DSW_VERSION=\"$(SW_VERSION)\"
EXTRACCFLAGS+= -Wformat -Wformat-security
LDLIBS= -lsqlite3 -lglib-2.0 -lgmodule-2.0 -luuid -lrt -lpthread
LDFLAGS = -shared -rdynamic

View File

@ -16,19 +16,19 @@ SRCS+=sm_db_service_domain_interfaces.c
SRCS+=sm_db_service_domain_members.c
SRCS+=sm_db_service_domain_neighbors.c
SRCS+=sm_db_service_domain_assignments.c
SRCS+=sm_db_service_groups.c
SRCS+=sm_db_service_groups.c
SRCS+=sm_db_service_group_members.c
SRCS+=sm_db_services.c
SRCS+=sm_db_services.c
SRCS+=sm_db_service_heartbeat.c
SRCS+=sm_db_service_dependency.c
SRCS+=sm_db_service_instances.c
SRCS+=sm_db_service_actions.c
SRCS+=sm_db_service_actions.c
SRCS+=sm_db_service_action_results.c
SRCS+=sm_db_build.c
SRCS+=sm_db_configuration.c
OBJS = $(SRCS:.c=.o)
CCFLAGS= -fPIC -g -O2 -Wall -Werror -std=c++11
CCFLAGS= -fPIC -g -O2 -Wall -Werror -std=c++11 -Wformat -Wformat-security
EXTRACCFLAGS= -D__STDC_FORMAT_MACROS
LDLIBS= -lsqlite3 -lglib-2.0 -luuid -lrt -lsm_common
LDFLAGS = -shared -rdynamic