| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Apr 2024 02:50:03 +0100
From: Dmitry Safonov <0x7f454c46@...il.com>
To: 0x7f454c46@...il.com
Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Shuah Khan <shuah@...nel.org>,
netdev@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH net 3/4] selftests/tcp_ao: Fix fscanf() call for format-security
On Sat, 13 Apr 2024 at 02:43, Dmitry Safonov via B4 Relay
<devnull+0x7f454c46.gmail.com@...nel.org> wrote:
>
> From: Dmitry Safonov <0x7f454c46@...il.com>
>
> On my new laptop with packages from nixos-unstable, gcc 12.3.0 produces:
> > lib/proc.c: In function ‘netstat_read_type’:
> > lib/proc.c:89:9: error: format not a string literal and no format arguments [-Werror=format-security]
> > 89 | if (fscanf(fnetstat, type->header_name) == EOF)
> > | ^~
> > cc1: some warnings being treated as errors
>
> Here the selftests lib parses header name, while expectes non-space word
> ending with a column.
>
> Fixes: cfbab37b3da0 ("selftests/net: Add TCP-AO library")
> Signed-off-by: Dmitry Safonov <0x7f454c46@...il.com>
Actually, now I see that it was also reported, adding
Reported-by: Muhammad Usama Anjum <usama.anjum@...labora.com>
Link: https://lore.kernel.org/all/0c6d4f0d-2064-4444-986b-1d1ed782135f@collabora.com/
--
Dmitry
Powered by blists - more mailing lists