Project

General

Profile

Bug #14001

Fix insecure call to syslog()

Added by Ben Morgan over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Kyle Knoepfel
Target version:
art - 2.05.00
Start date:
10/03/2016
Due date:
% Done:

100%

Estimated time:
Spent time:
0.25 h
Duration:

Description

Building message facility on macOS (El Cap, Xcode 7, 8) results in a format-security warning (promoted to error by CET default flags) compiling syslog_mfPlugin.cc.

The attached patch resolves this, using the secure idiom recommended in the 'Notes' section of man 3 syslog. This is tested to compile on the above platforms, though runtime cannot be tested as plugin tests are blocked by Issue #11678. Compilation and full testing has passed on CentOS6/GCC 4.9 though.

0001-Use-secure-idiom-for-calling-syslog.patch (1.25 KB) 0001-Use-secure-idiom-for-calling-syslog.patch Ben Morgan, 10/03/2016 09:12 AM

History

#1 Updated by Kyle Knoepfel over 4 years ago

  • Status changed from New to Accepted

We will review the patch and apply as appropriate.

#2 Updated by Kyle Knoepfel over 4 years ago

  • Status changed from Accepted to Resolved
  • Assignee set to Kyle Knoepfel
  • % Done changed from 0 to 100

Patch implemented with commit messagefacility:bbd5585.

#3 Updated by Kyle Knoepfel about 4 years ago

  • Status changed from Resolved to Closed
  • Target version set to 2.05.00

Also available in: Atom PDF