Improve security by avoiding buffer overflows

This patch adds compiler flags to improve the security of STX code.
Flags added:
Format string vulnerabilities:           CFLAGS="-Wformat -Wformat-security"
The compiler will treat format-string warnings as errors,
so buffer overflows are avoided at compile time.

Story: 2004380
Task: 28806

Signed-off-by: Luis Botello  <luis.botello.ortega@intel.com>
Reviewed-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
             Victor Rodriguez <vm.rod25@gmail.com>
Sugested-by: Victor Rodriguez <vm.rod25@gmail.com>
             Erich Cordoba <erich.cordoba.malibran@intel.com>

Change-Id: Ia1ffaf18e7050d9099b80f9023b2bf255b4750fa
Luis Botello 2019-01-08 08:59:25 -06:00
parent 932fdfbd70
commit 845f41a85c
4 changed files with 6 additions and 4 deletions


@ -7,6 +7,7 @@ CLI_OBJS = fm_cli.o
LDLIBS = -lstdc++ -lrt -luuid -lpq -lpthread -lpython2.7
INCLUDES = -I./ -I$(shell pg_config --includedir)
CCFLAGS = -g -O2 -Wall -Werror -fPIC
EXTRACCFLAGS= -Wformat -Wformat-security
MAJOR ?= 1
MINOR ?= 0
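Review bot: `EXTRACCFLAGS` is assigned here but nothing visible in this hunk expands it, and the compile rule lies outside the hunk, so it is not possible to confirm from here that the new flags reach the compiler. If the rule only passes `$(CCFLAGS) $(INCLUDES)`, the flags are dead; the rule should expand `$(EXTRACCFLAGS)` alongside `$(CCFLAGS)`, or the line should become `CCFLAGS += -Wformat -Wformat-security`, as the two SNMP plugin makefiles in this commit effectively do. The same applies to the `EXTRACCFLAGS` line in the second makefile section. Using one mechanism in all four files would also make it easier to audit which objects are built with the check.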


@ -4,6 +4,7 @@ OBJS = fm_main.o
OBJS = $(SRCS:.cpp=.o)
INCLUDES = -I.
CCFLAGS = -g -O2 -Wall -Werror
EXTRACCFLAGS = -Wformat -Wformat-security
MAJOR ?= 1
MINOR ?= 0


@ -3,7 +3,7 @@ SRCS = snmpAuditPlugin.c
OBJS = $(SRCS:.c=.o)
LDLIBS = -lfmcommon -lnetsnmp -lnetsnmpagent -luuid
INCLUDES += -I./
CCFLAGS = -fPIC -g -O2 -Wall -Werror
CCFLAGS = -fPIC -g -O2 -Wall -Werror -Wformat -Wformat-security
LIBCGTSAGENT_SO := libsnmpAuditPlugin.so
MAJOR ?= 1
MINOR ?= 0
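Review bot: On the new `CCFLAGS` line, `-Wformat` is already implied by `-Wall`, so the only diagnostic actually added is `-Wformat-security`, which flags printf-style calls whose format is not a string literal and that take no format arguments. Together with the existing `-Werror` this rejects one class of format-string bug at build time, but it does not detect or mitigate buffer overflows as the commit title states. If overflow hardening is the goal, options such as `-D_FORTIFY_SOURCE=2` and `-fstack-protector-strong` would be the relevant additions, assuming the toolchain supports them. The same applies to the `CCFLAGS` line in the cgtsAgentPlugin section. A comment above the line would record the intent: `# -Wformat-security with -Werror: fail the build on non-literal format strings passed without arguments`.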


@ -3,9 +3,9 @@ SRCS = cgtsActiveAlarms.c cgtsAgentPlugin.c cgtsEventLogs.c
OBJS = $(SRCS:.c=.o)
LDLIBS = -lfmcommon -lnetsnmp -lnetsnmpagent -luuid
INCLUDES += -I./
CCFLAGS = -fPIC -g -O2 -Wall -Werror
CCFLAGS = -fPIC -g -O2 -Wall -Werror -Wformat -Wformat-security
LIBCGTSAGENT_SO := libcgtsAgentPlugin.so
build: lib
build: lib
.c.o:
$(CXX) $(CCFLAGS) $(INCLUDES) -c $< -o $@
@ -16,7 +16,7 @@ lib: $(OBJS)
ln -sf $(LIBCGTSAGENT_SO).$(MAJOR).$(MINOR).$(PATCH) $(LIBCGTSAGENT_SO)
clean:
@rm -f $(OBJ) *.o *.so.*
@rm -f $(OBJ) *.o *.so.*
install_non_bb:
install -m 755 -d $(DEST_DIR)$(LIB_DIR)