review.tizen.org Git - platform/core/security/cynara.git/commit

Fix invocations of LOG missing format string argument

First argument of LOG* macros is passed to sd_journal_print() as format string.
In some places these macros were used with no format string at all, simply
passing e.what() from an exception. This could lead to a format string
vulnerability in the code, potentially allowing arbitrary code execution.
This error also caused build break:

In file included from /data/src/tizen/cynara/src/client/api/client-api.cpp:27:0:
/data/src/tizen/cynara/src/common/exceptions/TryCatch.h: In function
    ‘int Cynara::tryCatch(const std::function<int()>&)’:
    /data/src/tizen/cynara/src/common/exceptions/TryCatch.h:41:178: error:
    format not a string literal and no format arguments [-Werror=format-security]
         LOGE(e.what());
(... and more ...)

Change-Id: I1259283cf1bd2fa0fb2d271e38a7b416e17939f7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

author	Rafal Krypa <r.krypa@samsung.com>
	Mon, 10 Nov 2014 12:43:59 +0000 (13:43 +0100)
committer	Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
	Mon, 10 Nov 2014 16:39:42 +0000 (08:39 -0800)
commit	aaf46e4b88c42b633e731d526010ebe2a5197b42
tree	9d484ab817c45b0f71cf485f389d2c9ea1fcaa80	tree \| snapshot
parent	626099ee7f86f15d9d1e62826ecca418598e3a6c	commit \| diff

src/admin/api/admin-api.cpp		diff \| blob \| history
src/client-async/api/client-async-api.cpp		diff \| blob \| history
src/client/api/client-api.cpp		diff \| blob \| history
src/common/exceptions/TryCatch.h		diff \| blob \| history