[DTrace-devel] [PATCH v2 2/7] cmd, libdtrace: fix potentially unsafe printf-like calls

Kris Van Hees kris.van.hees at oracle.com
Wed Dec 7 03:14:49 UTC 2022


On Tue, Dec 06, 2022 at 05:31:21PM -0500, Eugene Loh via DTrace-devel wrote:
> How does v2 differ from the earlier patch?

Bah - submitted the wrong one...  v3 is the new v2.
> 
> On 12/6/22 17:17, Kris Van Hees via DTrace-devel wrote:
> > GCC 12 flagged some calls to printf-style functions for using a dynamic
> > string as format without arguments.  If the dynamic string somehow can
> > be made to contain a substitution sequence (%<something>) this would be
> > unsafe.
> > 
> > Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
> > ---
> >   cmd/dtrace.c          | 4 ++--
> >   libdtrace/dt_printf.c | 2 +-
> >   2 files changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/cmd/dtrace.c b/cmd/dtrace.c
> > index 732150df..58325921 100644
> > --- a/cmd/dtrace.c
> > +++ b/cmd/dtrace.c
> > @@ -521,7 +521,7 @@ prochandler(pid_t pid, const char *msg, void *arg)
> >   static int
> >   errhandler(const dtrace_errdata_t *data, void *arg)
> >   {
> > -	error(data->dteda_msg);
> > +	error("%s", data->dteda_msg);
> >   	return DTRACE_HANDLE_OK;
> >   }
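
Review bot: in errhandler(), data->dteda_msg becomes the argument of a %s conversion with no NULL check in the handler, and a NULL pointer there is undefined behaviour. If an error record can ever arrive without a message, substitute a fixed string before calling error(); otherwise state in the commit message that dteda_msg is always set.
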
> > @@ -529,7 +529,7 @@ errhandler(const dtrace_errdata_t *data, void *arg)
> >   static int
> >   drophandler(const dtrace_dropdata_t *data, void *arg)
> >   {
> > -	error(data->dtdda_msg);
> > +	error("%s", data->dtdda_msg);
> >   	return DTRACE_HANDLE_OK;
> >   }
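
Review bot: the commit message does not name the warning or say whether the remaining error() callers in cmd/dtrace.c were audited beyond errhandler() and this drophandler() change. -Wformat-security only reports a non-literal format passed with no arguments, so a non-literal format that does have arguments goes unreported; a sentence naming the option and the scope of the audit would make the fix easier to verify.
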
> > diff --git a/libdtrace/dt_printf.c b/libdtrace/dt_printf.c
> > index d060670a..6ee317e6 100644
> > --- a/libdtrace/dt_printf.c
> > +++ b/libdtrace/dt_printf.c
> > @@ -1305,7 +1305,7 @@ dt_printf_format(dtrace_hdl_t *dtp, FILE *fp, const dt_pfargv_t *pfv,
> >   			memcpy(tmp, pfd->pfd_prefix, pfd->pfd_preflen);
> >   			tmp[pfd->pfd_preflen] = '\0';
> > -			if ((rval = dt_printf(dtp, fp, tmp)) < 0)
> > +			if ((rval = dt_printf(dtp, fp, "%s", tmp)) < 0)
> >   				return rval;
> >   			if (pfv->pfv_flags & DT_PRINTF_AGGREGATION) {
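
Review bot: the dt_printf(dtp, fp, "%s", tmp) line changes output if tmp can contain "%%", because the old call collapsed that to a single "%" and the new one prints it verbatim. Please confirm that pfd_prefix never holds a '%' by the time it is copied here, and note that in the commit message. A "%.*s" conversion with pfd->pfd_preflen and pfd->pfd_prefix would also make the memcpy and the manual '\0' termination into tmp unnecessary for this call.
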
> > -- 
> > 2.37.2
> > _______________________________________________
> > DTrace-devel mailing list
> > DTrace-devel at oss.oracle.com
> > https://oss.oracle.com/mailman/listinfo/dtrace-devel
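
The difference the commit message describes, as an added example that is not part of the original patch or of DTrace. report(), report_as_format() and report_as_data() are hypothetical names, and the message is constructed, using only "%%" so that the pre-patch style call stays well defined while still showing that the text is reinterpreted.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical printf-like reporter standing in for error()/dt_printf().
 * The format attribute is what lets the compiler check callers and flag a
 * non-literal format that is passed with no arguments.
 */
static int report(char *out, size_t len, const char *fmt, ...)
	__attribute__((format(printf, 3, 4)));

static int report(char *out, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(out, len, fmt, ap);
	va_end(ap);
	return n;
}

/* Pre-patch pattern: msg is parsed as a format. The warning is silenced
 * here only so that the "before" case builds cleanly next to the fix. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int report_as_format(char *out, size_t len, const char *msg)
{
	return report(out, len, msg);
}
#pragma GCC diagnostic pop

/* Patched pattern: msg is data and is copied byte for byte. */
static int report_as_data(char *out, size_t len, const char *msg)
{
	return report(out, len, "%s", msg);
}

int main(void)
{
	/* Constructed message; "%%" keeps the pre-patch call well defined. */
	const char *msg = "50%% of records dropped";
	char before[64], after[64];
	report_as_format(before, sizeof(before), msg);
	report_as_data(after, sizeof(after), msg);
	printf("as format: %s\nas data:   %s\n", before, after);
	return 0;
}
```

Removing the two pragma lines and building with -Wformat -Wformat-security reproduces the kind of diagnostic the commit message refers to, at the call inside report_as_format().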