Fix format security issue in zmq3 modules #1565

Merged

Contributor

@Whissi Whissi commented May 17, 2017

This PR will fix 2 compilation errors when trying to build the imzmq3 or omzmq3 module with -Werror=format-security:

omzmq3.c: In function ‘initZMQ’:
omzmq3.c:245:9: error: format not a string literal and no format arguments [-Werror=format-security]
	if(-1 == zsocket_bind(pData->socket, (char*)pData->description)) {
	^~
omzmq3.c:252:9: error: format not a string literal and no format arguments [-Werror=format-security]
	if(-1 == zsocket_connect(pData->socket, (char*)pData->description)) {
	^~

and

imzmq3.c: In function ‘createSocket’:
imzmq3.c:406:9: error: format not a string literal and no format arguments [-Werror=format-security]
         rv = zsocket_connect(*sock, info->description);
         ^~
imzmq3.c:416:9: error: format not a string literal and no format arguments [-Werror=format-security]
         rv = zsocket_bind(*sock, info->description);
         ^~
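
Added example, not code from this pull request or from rsyslog: the errors above mean the configured description is passed where a printf-style format is expected. `demo_endpoint` is a hypothetical stand-in for such a variadic API and the sample descriptions are constructed; the block contrasts the flagged call shape with the constant-format one.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style endpoint API: expands `format`
 * into `out`, as a variadic bind/connect call would before using it.
 * Declaring it with __attribute__((format(printf, 3, 4))) is what lets
 * GCC report the call in endpoint_as_format() under -Wformat-security. */
static int demo_endpoint(char *out, size_t outlen, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    int n = vsnprintf(out, outlen, format, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* "Before" shape: configuration text is used as the format string. */
static int endpoint_as_format(char *out, size_t outlen, const char *description)
{
    return demo_endpoint(out, outlen, description);
}

/* "After" shape: constant format, description passed as plain data. */
static int endpoint_as_data(char *out, size_t outlen, const char *description)
{
    return demo_endpoint(out, outlen, "%s", description);
}

/* Returns 1 when both call shapes yield the same endpoint, i.e. the
 * description held nothing that printf would interpret. */
static int same_endpoint(const char *description)
{
    char a[128], b[128];
    if (endpoint_as_format(a, sizeof a, description) != 0) return 0;
    if (endpoint_as_data(b, sizeof b, description) != 0) return 0;
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed samples; "%%" is chosen because it is well defined
     * without extra arguments, so the demo itself stays safe to run. */
    const char *samples[] = { "tcp://127.0.0.1:5555", "ipc:///tmp/feed%%1" };
    for (size_t i = 0; i < 2; i++)
        printf("%-22s same=%d\n", samples[i], same_endpoint(samples[i]));
    return 0;
}
```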

@rgerhards
Member

I think it is fair to merge this patch without elaborate review ;-)

@rgerhards rgerhards merged commit 062d0c6 into rsyslog:master Jun 1, 2017
@rgerhards rgerhards added this to the v8.28 milestone Jun 1, 2017
@Whissi
Contributor Author

Whissi commented Aug 15, 2017

I was informed that Novell/OpenSUSE requested a CVE for this change: CVE-2017-12588.

@Whissi Whissi deleted the fix-format-security-issue-in-zmq-modules branch August 15, 2017 09:28
@rgerhards
Member

Thanks, I'll add it to the changelog and see that we create an advisory. Please note that this is a contributed module and as such always "use at your own risk". We can't even test it. I have also notified @taotetek and asked if he wants to write up something.

@lock

lock bot commented Dec 27, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Dec 27, 2019