Improve security by avoiding buffer overflows
This patch adds compiler flags to improve the security of STX code.
Flags added:
Format string vulnerabilities:           CFLAGS="-Wformat -Wformat-security"
The compiler will treat format-string warnings as errors,
so buffer overflows are avoided at compile time.

Story: 2004380
Task: 28808

Signed-off-by: Luis Botello  <luis.botello.ortega@intel.com>
Reviewed-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
             Victor Rodriguez <vm.rod25@gmail.com>
Suggested-by: Victor Rodriguez <vm.rod25@gmail.com>
              Erich Cordoba <erich.cordoba.malibran@intel.com>

Change-Id: I7e844718e14b35893f9eeb725e32d9d7477f0d57
lbotello committed Jan 9, 2019
1 parent 7251eec commit be468f4
Showing 5 changed files with 13 additions and 12 deletions.
6 changes: 3 additions & 3 deletions guest-agent/guest-scale-agent-2.0/Makefile
@@ -1,7 +1,7 @@
#
# BSD LICENSE
#
# Copyright(c) 2013-2016, Wind River Systems, Inc.
# Copyright(c) 2013-2016, Wind River Systems, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@@ -34,7 +34,7 @@

EXECS = guest_scale_helper guest_scale_agent

CFLAGS= -g -Wall
CFLAGS= -g -Wall -Wformat -Wformat-security
ODIR=obj
BINDIR=bin

@@ -64,7 +64,7 @@ printvars:

.PHONY: printvars

all: host_all
all: host_all
host_all: $(BINEXECS) sdk/$(EXPORT_SDK).tgz

# The dependency tracking for the SDK tarball is rather crude. If any
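Review bot: The new `CFLAGS= -g -Wall -Wformat -Wformat-security` line in the second hunk has no `-Werror`, so in this Makefile the format-string diagnostics stay warnings and the build still succeeds, which does not match the commit description's statement that they are treated as errors. If failing the build is the intent, `CFLAGS= -g -Wall -Wformat -Wformat-security -Werror=format-security` would do that without promoting every other `-Wall` warning. The same line is added in guest-comm/host-guest-comm-2.0/Makefile.sdk and has the same gap. `-Wformat-security` only reports a non-literal format string passed with no arguments; it is a compile-time diagnostic rather than a buffer-overflow mitigation, so the title and description overstate what these flags cover.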
3 changes: 2 additions & 1 deletion guest-client/guest-client-3.0.1/guest_client/src/Makefile
@@ -1,5 +1,5 @@
#
# Copyright(c) 2013-2016, Wind River Systems, Inc.
# Copyright(c) 2013-2016, Wind River Systems, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@@ -66,6 +66,7 @@ program_BUILD_OBJS := $(addprefix $(BUILD_DIR)/, $(heartbeat_C_OBJS))
program_BUILD_OBJS += $(addprefix $(BUILD_DIR)/, $(program_C_OBJS))

CFLAGS = -g -O2 -Wall -Werror -Wformat -DSYSCONFDIR=$(sysconfdir)
CFLAGS += -Wformat-security

all: build

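Review bot: `CFLAGS += -Wformat-security` puts the hardening flag in a variable that a command-line `make CFLAGS=...` replaces wholesale, so the check, and the `-Werror` that makes it fatal here, would disappear silently in such a build. Whether this project's packaging passes CFLAGS that way is not visible on this page. Using `override CFLAGS += -Wformat -Wformat-security`, or a separate variable for required flags that the compile rule also uses, would make them stick. The heartbeat Makefile section that follows and guest_client_api/Makefile append the flag to the same kind of `CFLAGS =` assignment and share the issue. The rule that consumes CFLAGS in this file is outside the hunk.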
@@ -1,5 +1,5 @@
#
# Copyright(c) 2013-2016, Wind River Systems, Inc.
# Copyright(c) 2013-2016, Wind River Systems, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@@ -54,7 +54,7 @@ heartbeat_C_INCLUDES += -I$(CURRENT_DIR)/../../../include
heartbeat_C_SRCS := $(wildcard *.c)
heartbeat_C_OBJS := ${heartbeat_C_SRCS:.c=.o}

CFLAGS = -g -O2 -Wall -Werror -Wformat -DSYSCONFDIR=$(sysconfdir)
CFLAGS = -g -O2 -Wall -Werror -Wformat -DSYSCONFDIR=$(sysconfdir) -Wformat-security

%.o: %.c
$(CC) $(CFLAGS) $(heartbeat_C_INCLUDES) -c $< -o $(BUILD_DIR)/$@ -ljson-c
4 changes: 2 additions & 2 deletions guest-client/guest-client-3.0.1/guest_client_api/Makefile
@@ -1,5 +1,5 @@
#
# Copyright(c) 2013-2016, Wind River Systems, Inc.
# Copyright(c) 2013-2016, Wind River Systems, Inc.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@@ -72,7 +72,7 @@ sample_C_OBJS := ${sample_C_SRCS:.c=.o}
sample_LDLIBS := -L$(BUILD_DIR) -l$(common_NAME) -l$(heartbeat_NAME) -lrt
sample_BUILD_OBJS := $(addprefix $(BUILD_DIR)/, $(sample_C_OBJS))

CFLAGS = -g -O2 -Wall -Werror -Wformat -fPIC -DSYSCONFDIR=$(sysconfdir)
CFLAGS = -g -O2 -Wall -Werror -Wformat -fPIC -DSYSCONFDIR=$(sysconfdir) -Wformat-security

all: build

8 changes: 4 additions & 4 deletions guest-comm/host-guest-comm-2.0/Makefile.sdk
@@ -27,14 +27,14 @@
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#

.PHONY: all clean

EXECS= guest_agent server_group_app

CFLAGS= -g -Wall
LDFLAGS =
CFLAGS= -g -Wall -Wformat -Wformat-security
LDFLAGS =

ODIR=obj
BINDIR=bin
@@ -51,7 +51,7 @@ GUEST_CLIENT_APP_SRCS = server_group_app.c
GUEST_CLIENT_APP_OBJ := $(patsubst %,$(ODIR)/%,$(GUEST_CLIENT_APP_SRCS:.c=.o))

LIBGUESTHOSTMSG_SRCS := lib_guest_host_msg.c
LIBGUESTHOSTMSG_INCLUDES := guest_host_msg.h
LIBGUESTHOSTMSG_INCLUDES := guest_host_msg.h
LIBGUESTHOSTMSG_OBJ := $(patsubst %,$(ODIR)/%,$(LIBGUESTHOSTMSG_SRCS:.c=.o))
LIBGUESTHOSTMSG := guesthostmsg
LIBGUESTHOSTMSG_SO := $(patsubst %,lib%.so,$(LIBGUESTHOSTMSG))