Scalable OGo (SOGo)

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001670SOGoSOPEpublic2012-03-10 03:592012-03-23 15:23
Reporteravoegele 
Assigned Toludovic 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Versiongit / nightly 
Target Version1.3.15Fixed in Version1.3.15 
Summary0001670: Building NGLogSyslogAppender.m with -Werror=format-security fails
DescriptionWhen building NGLogSyslogAppender.m with the compiler option -Werror=format-security the build fails as the compiler cannot determine whether a format string is passed to syslog() or not:

    syslog(level, [formattedMsg cString]);

The following idiom is secure and makes GCC happy:

    syslog(level, "%s", [formattedMsg cString]);

From the syslog(3) manual page:

    Never pass a string with user-supplied data as a format, use the
    following instead:

       syslog(priority, "%s", string);
Additional InformationSee http://wiki.debian.org/Hardening [^] for more information.
TagsNo tags attached.
Attached Filesdiff file icon NGLogSyslogAppender_m.diff [^] (485 bytes) 2012-03-10 03:59 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0003635)
ludovic (administrator)
2012-03-23 15:23

Fixed: http://mtn.inverse.ca/revision/diff/df0ef67a4bf2065b385d60810d28973f0fb0c981/with/c60cd0952994b1cdcab7aebd637a1fa8e01da711 [^]

- Issue History
Date Modified Username Field Change
2012-03-10 03:59 avoegele New Issue
2012-03-10 03:59 avoegele File Added: NGLogSyslogAppender_m.diff
2012-03-16 14:32 ludovic Target Version => 1.3.14
2012-03-23 08:33 francis Target Version 1.3.14 => 1.3.15
2012-03-23 15:23 ludovic Note Added: 0003635
2012-03-23 15:23 ludovic Status new => resolved
2012-03-23 15:23 ludovic Fixed in Version => 1.3.15
2012-03-23 15:23 ludovic Resolution open => fixed
2012-03-23 15:23 ludovic Assigned To => ludovic


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker