InterNetNews / inn

INN (InterNetNews) Usenet server
https://www.isc.org/othersoftware/#INN

Fix format-nonliteral warnings #153

Open rra opened 3 years ago

rra commented 3 years ago

Reported by iulius on 31 Jul 2016 20:04 UTC To build with the GCC "-Wformat-nonliteral" warning on, 9911 suppressed a few checks in the code, waiting for them to be properly fixed. For instance:

  /* "save" is a format string read at run time (a moderator address pattern),
   * so GCC cannot check it against the arguments; the pragmas silence the
   * -Wformat-nonliteral warning around this one call. */
  #pragma GCC diagnostic ignored "-Wformat-nonliteral"
    snprintf(address, sizeof(address), save, name);
  #pragma GCC diagnostic warning "-Wformat-nonliteral"

GCC 4.4.7 cannot build INN because pragmas are not allowed inside functions in old GCC versions. So these pragmas were suppressed in STABLE 2.6 with 10040.

They are still present in CURRENT 2.7. They need to be fixed before the release of 2.7.0.

Here is what Russ Allbery suggests:

printf provides a full formatting language, of which INN only wants one very specific feature. Using it this way is questionable from a security standpoint, since any bogus moderator pattern could produce all sorts of buffer overflow problems and other issues.

I think the best fix is to write a function that expands the address by doing something like:

  1. Determine the length of the full address as the length of the pattern, plus the length of the newsgroup name if %s was found in the pattern, minus the count of occurrences of %% in the pattern.

  2. Allocate enough memory to hold the result as a string.

  3. Copy the pattern to the output buffer until %% or %s is found, copying % for the former and the mangled group name for the latter.

This requires writing some irritating string manipulation code in C, but one only has to do it once, throw some test programs at it, and then there are no more worries about someone finding a way to abuse INN's reuse of sprintf for something it wasn't really intended for.
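The three-step expansion sketched in the quoted suggestion, written out as an added example; this is not INN's own code nor the fix that was eventually committed. It assumes the name mangling INN's moderators file documents (each '.' in the newsgroup name replaced by '-'), and it goes a little beyond the sketch: it handles any number of %s occurrences, and it rejects a pattern that contains any other % directive (including a trailing '%') by returning NULL instead of handing the pattern on, which is the class of bogus moderator pattern the quote warns about. The helper expands_to() is only there to make checking results convenient.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mangle a newsgroup name the way the moderators file documents (assumed
 * here): every '.' becomes '-'. Returns a malloc'd string, NULL on failure. */
static char *mangle_group(const char *group)
{
    size_t len = strlen(group);
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++)
        out[i] = (group[i] == '.') ? '-' : group[i];
    out[len] = '\0';
    return out;
}

/* Expand PATTERN, where "%s" stands for the mangled group name and "%%" for a
 * literal '%'. Any other '%' directive, or a trailing '%', is rejected by
 * returning NULL, so nothing printf-like ever sees the pattern. The result
 * is malloc'd and the caller frees it. */
char *expand_moderator_address(const char *pattern, const char *group)
{
    char *mangled = mangle_group(group);
    if (mangled == NULL)
        return NULL;
    size_t glen = strlen(mangled);

    /* Step 1: compute the exact output length while validating directives. */
    size_t needed = 0;
    for (const char *p = pattern; *p != '\0'; p++) {
        if (*p != '%') {
            needed++;
            continue;
        }
        p++;                         /* look at the character after '%' */
        if (*p == 's') {
            needed += glen;
        } else if (*p == '%') {
            needed += 1;
        } else {                     /* unknown directive or trailing '%' */
            free(mangled);
            return NULL;
        }
    }

    /* Step 2: allocate exactly what the result needs. */
    char *out = malloc(needed + 1);
    if (out == NULL) {
        free(mangled);
        return NULL;
    }

    /* Step 3: copy the pattern, expanding %s and %% (already validated). */
    char *q = out;
    for (const char *p = pattern; *p != '\0'; p++) {
        if (*p != '%') {
            *q++ = *p;
            continue;
        }
        p++;
        if (*p == 's') {
            memcpy(q, mangled, glen);
            q += glen;
        } else {
            *q++ = '%';
        }
    }
    *q = '\0';
    free(mangled);
    return out;
}

/* Convenience check: does expanding PATTERN for GROUP yield EXPECTED?
 * EXPECTED == NULL means "the pattern must be rejected". */
int expands_to(const char *pattern, const char *group, const char *expected)
{
    char *got = expand_moderator_address(pattern, group);
    int ok = (got == NULL) ? (expected == NULL)
                           : (expected != NULL && strcmp(got, expected) == 0);
    free(got);
    return ok;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real moderators file. */
    const char *patterns[] = { "%s@moderators.isc.org", "100%% %s", "%d@x", "abc%" };
    for (size_t i = 0; i < sizeof(patterns) / sizeof(patterns[0]); i++) {
        char *r = expand_moderator_address(patterns[i], "comp.lang.c");
        printf("%-24s -> %s\n", patterns[i], r ? r : "(rejected)");
        free(r);
    }
    return 0;
}
```

Because the length is computed by the same scan that validates the pattern, the copy loop can never write past the allocation, and a pattern that would have made sprintf read a missing argument ("%d", "%n", a lone trailing "%") is refused up front instead of being interpreted.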

rra commented 3 years ago

Comment by iulius on 7 Jan 2018 20:22 UTC The format-nonliteral warning has been silenced for older GCC releases with [10217]. This ticket is therefore no longer blocking for INN 2.7.0.

Julien-Elie commented 3 years ago

Still needs fixing for -Wformat-nonliteral: