Improve security by avoiding buffer overflows
This patch adds compiler flags to improve the security of STX code. Flags added: Format string vulnerabilities: CFLAGS="-Wformat -Wformat-security" Compiler will treat string format warnings as errors, so at compiling level, buffer overflow is avoided. Story: 2004380 Task: 28806 Signed-off-by: Luis Botello <luis.botello.ortega@intel.com> Reviewed-by: Erich Cordoba <erich.cordoba.malibran@intel.com> Victor Rodriguez <vm.rod25@gmail.com> Sugested-by: Victor Rodriguez <vm.rod25@gmail.com> Erich Cordoba <erich.cordoba.malibran@intel.com> Change-Id: Ia1ffaf18e7050d9099b80f9023b2bf255b4750fa
This commit is contained in:
parent
932fdfbd70
commit
845f41a85c
|
@ -7,6 +7,7 @@ CLI_OBJS = fm_cli.o
|
||||||
LDLIBS = -lstdc++ -lrt -luuid -lpq -lpthread -lpython2.7
|
LDLIBS = -lstdc++ -lrt -luuid -lpq -lpthread -lpython2.7
|
||||||
INCLUDES = -I./ -I$(shell pg_config --includedir)
|
INCLUDES = -I./ -I$(shell pg_config --includedir)
|
||||||
CCFLAGS = -g -O2 -Wall -Werror -fPIC
|
CCFLAGS = -g -O2 -Wall -Werror -fPIC
|
||||||
|
EXTRACCFLAGS= -Wformat -Wformat-security
|
||||||
|
|
||||||
MAJOR ?= 1
|
MAJOR ?= 1
|
||||||
MINOR ?= 0
|
MINOR ?= 0
|
||||||
|
|
|
@ -4,6 +4,7 @@ OBJS = fm_main.o
|
||||||
OBJS = $(SRCS:.cpp=.o)
|
OBJS = $(SRCS:.cpp=.o)
|
||||||
INCLUDES = -I.
|
INCLUDES = -I.
|
||||||
CCFLAGS = -g -O2 -Wall -Werror
|
CCFLAGS = -g -O2 -Wall -Werror
|
||||||
|
EXTRACCFLAGS = -Wformat -Wformat-security
|
||||||
|
|
||||||
MAJOR ?= 1
|
MAJOR ?= 1
|
||||||
MINOR ?= 0
|
MINOR ?= 0
|
||||||
|
|
|
@ -3,7 +3,7 @@ SRCS = snmpAuditPlugin.c
|
||||||
OBJS = $(SRCS:.c=.o)
|
OBJS = $(SRCS:.c=.o)
|
||||||
LDLIBS = -lfmcommon -lnetsnmp -lnetsnmpagent -luuid
|
LDLIBS = -lfmcommon -lnetsnmp -lnetsnmpagent -luuid
|
||||||
INCLUDES += -I./
|
INCLUDES += -I./
|
||||||
CCFLAGS = -fPIC -g -O2 -Wall -Werror
|
CCFLAGS = -fPIC -g -O2 -Wall -Werror -Wformat -Wformat-security
|
||||||
LIBCGTSAGENT_SO := libsnmpAuditPlugin.so
|
LIBCGTSAGENT_SO := libsnmpAuditPlugin.so
|
||||||
MAJOR ?= 1
|
MAJOR ?= 1
|
||||||
MINOR ?= 0
|
MINOR ?= 0
|
||||||
|
|
|
@ -3,9 +3,9 @@ SRCS = cgtsActiveAlarms.c cgtsAgentPlugin.c cgtsEventLogs.c
|
||||||
OBJS = $(SRCS:.c=.o)
|
OBJS = $(SRCS:.c=.o)
|
||||||
LDLIBS = -lfmcommon -lnetsnmp -lnetsnmpagent -luuid
|
LDLIBS = -lfmcommon -lnetsnmp -lnetsnmpagent -luuid
|
||||||
INCLUDES += -I./
|
INCLUDES += -I./
|
||||||
CCFLAGS = -fPIC -g -O2 -Wall -Werror
|
CCFLAGS = -fPIC -g -O2 -Wall -Werror -Wformat -Wformat-security
|
||||||
LIBCGTSAGENT_SO := libcgtsAgentPlugin.so
|
LIBCGTSAGENT_SO := libcgtsAgentPlugin.so
|
||||||
build: lib
|
build: lib
|
||||||
|
|
||||||
.c.o:
|
.c.o:
|
||||||
$(CXX) $(CCFLAGS) $(INCLUDES) -c $< -o $@
|
$(CXX) $(CCFLAGS) $(INCLUDES) -c $< -o $@
|
||||||
|
@ -16,7 +16,7 @@ lib: $(OBJS)
|
||||||
ln -sf $(LIBCGTSAGENT_SO).$(MAJOR).$(MINOR).$(PATCH) $(LIBCGTSAGENT_SO)
|
ln -sf $(LIBCGTSAGENT_SO).$(MAJOR).$(MINOR).$(PATCH) $(LIBCGTSAGENT_SO)
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
@rm -f $(OBJ) *.o *.so.*
|
@rm -f $(OBJ) *.o *.so.*
|
||||||
|
|
||||||
install_non_bb:
|
install_non_bb:
|
||||||
install -m 755 -d $(DEST_DIR)$(LIB_DIR)
|
install -m 755 -d $(DEST_DIR)$(LIB_DIR)
|
||||||
|
|
Loading…
Reference in New Issue