summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2012-05-19 19:55:15 -0400
committerPhil Pennock <pdp@exim.org>2012-05-19 19:55:15 -0400
commit81f916832dd855953f614ca86a6e4ad898161564 (patch)
tree9dff9943ad0bd477c8ce136f6380cfcd7356a41a
parent927bcf888f79506d6567bec6918807668344ae6d (diff)
PRINTF_FUNCTION -> ALMOST_PRINTF.
WANT_DEEPER_PRINTF_CHECKS guards ALMOST_PRINTF being PRINTF_FUNCTION. Fix some actual issues exposed when I cut down on the spam.
-rw-r--r--doc/doc-txt/ChangeLog5
-rw-r--r--src/src/config.h.defaults3
-rw-r--r--src/src/deliver.c2
-rw-r--r--src/src/expand.c4
-rw-r--r--src/src/functions.h2
-rw-r--r--src/src/local_scan.h2
-rw-r--r--src/src/malware.c4
-rw-r--r--src/src/mytypes.h6
-rw-r--r--src/src/spool_mbox.c4
-rw-r--r--src/src/string.c2
10 files changed, 24 insertions, 10 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 620d87114..21f1ec747 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -129,6 +129,11 @@ PP/29 Fix three issues highlighted by clang analyser static analysis.
PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy.
+PP/31 %D in printf continues to cause issues (-Wformat=security), so for
+ now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
+ As part of this, removing so much warning spew let me fix some minor
+ real issues in debug logging.
+
Exim version 4.77
-----------------
diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults
index 1e75a1e21..92a4cd348 100644
--- a/src/src/config.h.defaults
+++ b/src/src/config.h.defaults
@@ -167,6 +167,9 @@ it's a default value. */
#define EXPERIMENTAL_SPF
#define EXPERIMENTAL_SRS
+/* For developers */
+#define WANT_DEEPER_PRINTF_CHECKS
+
/* Things that are not routinely changed but are nevertheless configurable
just in case. */
diff --git a/src/src/deliver.c b/src/src/deliver.c
index 10b63397e..d4ea2d868 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1213,7 +1213,7 @@ if (format != NULL)
va_start(ap, format);
if (!string_vformat(buffer, sizeof(buffer), CS format, ap))
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
- "common_error expansion was longer than %d", sizeof(buffer));
+ "common_error expansion was longer than " SIZE_T_FMT, sizeof(buffer));
va_end(ap);
addr->message = string_copy(buffer);
}
diff --git a/src/src/expand.c b/src/src/expand.c
index 70fb32c5e..84167b688 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -1527,8 +1527,8 @@ while (last > first)
domain = Ustrrchr(s, '@');
if (domain == NULL) return s;
if (domain - s > sizeof(var_buffer) - 1)
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
- "string expansion", sizeof(var_buffer));
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
+ " in string expansion", sizeof(var_buffer));
Ustrncpy(var_buffer, s, domain - s);
var_buffer[domain - s] = 0;
return var_buffer;
diff --git a/src/src/functions.h b/src/src/functions.h
index 78f095adc..cf8c54fe9 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -325,7 +325,7 @@ extern uschar *string_copy_malloc(uschar *);
extern uschar *string_copylc(uschar *);
extern uschar *string_copynlc(uschar *, int);
extern uschar *string_dequote(uschar **);
-extern BOOL string_format(uschar *, int, const char *, ...) PRINTF_FUNCTION(3,4);
+extern BOOL string_format(uschar *, int, const char *, ...) ALMOST_PRINTF(3,4);
extern uschar *string_format_size(int, uschar *);
extern int string_interpret_escape(uschar **);
extern int string_is_ip_address(uschar *, int *);
diff --git a/src/src/local_scan.h b/src/src/local_scan.h
index 19350bf41..057e4d428 100644
--- a/src/src/local_scan.h
+++ b/src/src/local_scan.h
@@ -188,6 +188,6 @@ extern void smtp_printf(const char *, ...) PRINTF_FUNCTION(1,2);
extern void smtp_vprintf(const char *, va_list);
extern uschar *string_copy(const uschar *);
extern uschar *string_copyn(uschar *, int);
-extern uschar *string_sprintf(const char *, ...) PRINTF_FUNCTION(1,2);
+extern uschar *string_sprintf(const char *, ...) ALMOST_PRINTF(1,2);
/* End of local_scan.h */
diff --git a/src/src/malware.c b/src/src/malware.c
index 890665483..7de913f49 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -1074,7 +1074,7 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking)
cmdline_trigger_re = pcre_compile(CS cmdline_trigger, PCRE_COPT, (const char **)&rerror, &roffset, NULL);
if (cmdline_trigger_re == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_trigger_re, rerror, roffset);
+ "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_trigger, rerror, roffset);
return DEFER;
};
@@ -1092,7 +1092,7 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking)
cmdline_regex_re = pcre_compile(CS cmdline_regex, PCRE_COPT, (const char **)&rerror, &roffset, NULL);
if (cmdline_regex_re == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC,
- "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_regex_re, rerror, roffset);
+ "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_regex, rerror, roffset);
return DEFER;
};
diff --git a/src/src/mytypes.h b/src/src/mytypes.h
index f8a738da6..964abf820 100644
--- a/src/src/mytypes.h
+++ b/src/src/mytypes.h
@@ -37,6 +37,12 @@ the arguments of printf-like functions. This is done by a macro. */
#define ARG_UNUSED /**/
#endif
+#ifdef WANT_DEEPER_PRINTF_CHECKS
+#define ALMOST_PRINTF(A, B) PRINTF_FUNCTION(A, B)
+#else
+#define ALMOST_PRINTF(A, B)
+#endif
+
/* Some operating systems (naughtily, imo) include a definition for "uchar" in
the standard header files, so we use "uschar". Solaris has u_char in
diff --git a/src/src/spool_mbox.c b/src/src/spool_mbox.c
index 635fb8df1..bdeb2b1a6 100644
--- a/src/src/spool_mbox.c
+++ b/src/src/spool_mbox.c
@@ -56,7 +56,7 @@ FILE *spool_mbox(unsigned long *mbox_file_size, uschar *source_file_override) {
mbox_file = modefopen(mbox_path, "wb", SPOOL_MODE);
if (mbox_file == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC, "%s", string_open_failed(errno,
- "scan file %s", mbox_file));
+ "scan file %s", mbox_path));
goto OUT;
};
@@ -155,7 +155,7 @@ FILE *spool_mbox(unsigned long *mbox_file_size, uschar *source_file_override) {
if (Ustat(mbox_path, &statbuf) != 0 ||
(yield = Ufopen(mbox_path,"rb")) == NULL) {
log_write(0, LOG_MAIN|LOG_PANIC, "%s", string_open_failed(errno,
- "scan file %s", mbox_file));
+ "scan file %s", mbox_path));
goto OUT;
};
diff --git a/src/src/string.c b/src/src/string.c
index 9764d3e38..08e604594 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -716,7 +716,7 @@ uschar buffer[STRING_SPRINTF_BUFFER_SIZE];
va_start(ap, format);
if (!string_vformat(buffer, sizeof(buffer), format, ap))
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
- "string_sprintf expansion was longer than %d", sizeof(buffer));
+ "string_sprintf expansion was longer than " SIZE_T_FMT, sizeof(buffer));
va_end(ap);
return string_copy(buffer);
}