From 196c036013ca0f7bb952ec6a4de1fdc92944e9e6 Mon Sep 17 00:00:00 2001
From: Luis Botello <luis.botello.ortega@intel.com>
Date: Wed, 9 Jan 2019 05:24:27 -0600
Subject: [PATCH] Improve security by avoiding buffer overflows

This patch adds compiler flags to improve the security of STX code.
Flags added:
Format string vulnerabilities: CFLAGS="-Wformat -Wformat-security"
Compiler will treat string format warnings as errors,
so at compiling level, buffer overflow is avoided.

Story: 2004380
Task: 28823

Signed-off-by: Luis Botello  <luis.botello.ortega@intel.com>
Reviewed-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
             Victor Rodriguez <vm.rod25@gmail.com>
Suggested-by: Victor Rodriguez <vm.rod25@gmail.com>
             Erich Cordoba <erich.cordoba.malibran@intel.com>

Change-Id: I45a0002288db434bc79c477c231f900e477347a1
---
 service-mgmt/sm-1.0.0/src/Makefile                 | 2 +-
 service-mgmt/sm-1.0.0/src/sm_alarm_thread.c        | 3 ++-
 service-mgmt/sm-1.0.0/src/sm_configuration_table.c | 2 +-
 service-mgmt/sm-common-1.0.0/src/Makefile          | 8 ++++----
 service-mgmt/sm-db-1.0.0/src/Makefile              | 8 ++++----
 5 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/service-mgmt/sm-1.0.0/src/Makefile b/service-mgmt/sm-1.0.0/src/Makefile
index 2e3e2694..045da615 100644
--- a/service-mgmt/sm-1.0.0/src/Makefile
+++ b/service-mgmt/sm-1.0.0/src/Makefile
@@ -120,7 +120,7 @@ SRCS+=sm_cluster_hbs_info_msg.cpp
 
 OBJS= $(SRCS:.c=.o)
 CCFLAGS= -g -O2 -Wall -Werror -Wformat  -std=c++11
-EXTRACCFLAGS= -D__STDC_FORMAT_MACROS
+EXTRACCFLAGS= -D__STDC_FORMAT_MACROS -Wformat -Wformat-security
 LDLIBS= -lsqlite3 -lglib-2.0 -luuid -lpthread -lrt -lsm_common -lsm_db -lfmcommon -ljson-c -lcrypto -lssl
 LDFLAGS = -rdynamic
 
diff --git a/service-mgmt/sm-1.0.0/src/sm_alarm_thread.c b/service-mgmt/sm-1.0.0/src/sm_alarm_thread.c
index c765572c..b3e3fa69 100644
--- a/service-mgmt/sm-1.0.0/src/sm_alarm_thread.c
+++ b/service-mgmt/sm-1.0.0/src/sm_alarm_thread.c
@@ -1297,7 +1297,8 @@ static void sm_alarm_thread_audit( const char entity_instance[] )
         return;
     }
 
-    snprintf( fm_entity_instance_id, FM_MAX_BUFFER_LENGTH, entity_instance );
+    snprintf( fm_entity_instance_id, FM_MAX_BUFFER_LENGTH, "%s",
+              entity_instance );
 
     fm_error = fm_get_faults_wrapper( &fm_entity_instance_id, fm_alarm_data,
                                       &fm_total_alarms );
diff --git a/service-mgmt/sm-1.0.0/src/sm_configuration_table.c b/service-mgmt/sm-1.0.0/src/sm_configuration_table.c
index 78aeffb7..9b5a7002 100644
--- a/service-mgmt/sm-1.0.0/src/sm_configuration_table.c
+++ b/service-mgmt/sm-1.0.0/src/sm_configuration_table.c
@@ -62,7 +62,7 @@ SmErrorT sm_configuration_table_get( const char* key, char* buf, unsigned int bu
 
     if( 0 != count )
     {
-        snprintf( buf, buf_size, value.value );
+        snprintf( buf, buf_size, "%s", value.value );
     }else
     {
         buf[0] = '\0';
diff --git a/service-mgmt/sm-common-1.0.0/src/Makefile b/service-mgmt/sm-common-1.0.0/src/Makefile
index 14bc3365..ee833e9e 100644
--- a/service-mgmt/sm-common-1.0.0/src/Makefile
+++ b/service-mgmt/sm-common-1.0.0/src/Makefile
@@ -15,9 +15,9 @@ SRCS+=sm_thread_health.c
 SRCS+=sm_utils.c
 SRCS+=sm_node_utils.c
 SRCS+=sm_node_stats.c
-SRCS+=sm_selobj.c 
-SRCS+=sm_time.c 
-SRCS+=sm_timer.c 
+SRCS+=sm_selobj.c
+SRCS+=sm_time.c
+SRCS+=sm_timer.c
 SRCS+=sm_netlink.c
 SRCS+=sm_hw.c
 SRCS+=sm_uuid.c
@@ -28,7 +28,7 @@ SRCS+=sm_util_types.c
 OBJS = $(SRCS:.c=.o)
 CCFLAGS= -fPIC -g -O2 -Wall -Werror -std=c++11
 EXTRACCFLAGS= -D__STDC_FORMAT_MACROS -DSW_VERSION=\"$(SW_VERSION)\"
-
+EXTRACCFLAGS+= -Wformat -Wformat-security
 LDLIBS= -lsqlite3 -lglib-2.0 -lgmodule-2.0 -luuid -lrt -lpthread
 LDFLAGS = -shared -rdynamic
 
diff --git a/service-mgmt/sm-db-1.0.0/src/Makefile b/service-mgmt/sm-db-1.0.0/src/Makefile
index c6be42f7..b3bfc9d7 100644
--- a/service-mgmt/sm-db-1.0.0/src/Makefile
+++ b/service-mgmt/sm-db-1.0.0/src/Makefile
@@ -16,19 +16,19 @@ SRCS+=sm_db_service_domain_interfaces.c
 SRCS+=sm_db_service_domain_members.c
 SRCS+=sm_db_service_domain_neighbors.c
 SRCS+=sm_db_service_domain_assignments.c
-SRCS+=sm_db_service_groups.c 
+SRCS+=sm_db_service_groups.c
 SRCS+=sm_db_service_group_members.c
-SRCS+=sm_db_services.c 
+SRCS+=sm_db_services.c
 SRCS+=sm_db_service_heartbeat.c
 SRCS+=sm_db_service_dependency.c
 SRCS+=sm_db_service_instances.c
-SRCS+=sm_db_service_actions.c 
+SRCS+=sm_db_service_actions.c
 SRCS+=sm_db_service_action_results.c
 SRCS+=sm_db_build.c
 SRCS+=sm_db_configuration.c
 
 OBJS = $(SRCS:.c=.o)
-CCFLAGS= -fPIC -g -O2 -Wall -Werror -std=c++11
+CCFLAGS= -fPIC -g -O2 -Wall -Werror -std=c++11 -Wformat -Wformat-security
 EXTRACCFLAGS= -D__STDC_FORMAT_MACROS
 LDLIBS= -lsqlite3 -lglib-2.0 -luuid -lrt -lsm_common
 LDFLAGS = -shared -rdynamic