Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756454AbaF3SGZ (ORCPT ); Mon, 30 Jun 2014 14:06:25 -0400 Received: from mail-oa0-f45.google.com ([209.85.219.45]:37031 "EHLO mail-oa0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754315AbaF3SGY (ORCPT ); Mon, 30 Jun 2014 14:06:24 -0400 MIME-Version: 1.0 In-Reply-To: <20140630173944.GA1377@localhost> References: <53aeb8bc.DsBnC5jOuuC6IST2%fengguang.wu@intel.com> <20140628140726.GD5691@localhost> <20140630173944.GA1377@localhost> Date: Mon, 30 Jun 2014 11:06:23 -0700 Message-ID: Subject: Re: net/netfilter/xt_LOG.c:43: error: format not a string literal and no format arguments From: Kees Cook To: Pablo Neira Ayuso Cc: Fengguang Wu , LKML Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 30, 2014 at 10:39 AM, Pablo Neira Ayuso wrote: > On Mon, Jun 30, 2014 at 10:05:01AM -0700, Kees Cook wrote: >> On Sat, Jun 28, 2014 at 7:07 AM, Fengguang Wu wrote: >> > tree: git://internal_merge_and_test_tree devel-ant-um-201406281943 >> > head: fbb9065499371b760e0543f2ff66fde4778b46ae >> > commit: 2af37708d3ce0ae78898051ea76bc7c5f683171c [30/31] Merge 'nftables/master' into devel-ant-um-201406281943 >> > config: make ARCH=avr32 atngw100_defconfig >> > >> > All error/warnings: >> > >> > net/netfilter/xt_LOG.c: In function 'log_tg': >> >>> net/netfilter/xt_LOG.c:43: error: format not a string literal and no format arguments >> > >> > vim +43 net/netfilter/xt_LOG.c >> > >> > 6939c33a Richard Weinberger 2012-02-10 27 #include >> > 6939c33a Richard Weinberger 2012-02-10 28 #include >> > 6939c33a Richard Weinberger 2012-02-10 29 #include >> > 6939c33a Richard Weinberger 2012-02-10 30 >> > 6939c33a Richard Weinberger 2012-02-10 31 static unsigned int >> > 6939c33a Richard Weinberger 2012-02-10 32 log_tg(struct sk_buff *skb, const struct xt_action_param *par) >> > 6939c33a Richard Weinberger 2012-02-10 33 { >> > 6939c33a Richard Weinberger 2012-02-10 34 const struct xt_log_info *loginfo = par->targinfo; >> > 6939c33a Richard Weinberger 2012-02-10 35 struct nf_loginfo li; >> > 8cdb46da Hans Schillstrom 2013-05-15 36 struct net *net = dev_net(par->in ? par->in : par->out); >> > 6939c33a Richard Weinberger 2012-02-10 37 >> > 6939c33a Richard Weinberger 2012-02-10 38 li.type = NF_LOG_TYPE_LOG; >> > 6939c33a Richard Weinberger 2012-02-10 39 li.u.log.level = loginfo->level; >> > 6939c33a Richard Weinberger 2012-02-10 40 li.u.log.logflags = loginfo->logflags; >> > 6939c33a Richard Weinberger 2012-02-10 41 >> > fab4085f Pablo Neira Ayuso 2014-06-18 42 nf_log_packet(net, par->family, par->hooknum, skb, par->in, par->out, >> > fab4085f Pablo Neira Ayuso 2014-06-18 @43 &li, loginfo->prefix); >> >> This needs to be: >> >> nf_log_packet(net, par->family, par->hooknum, skb, par->in, par->out, >> &li, "%s", loginfo->prefix); >> >> Without this, any format strings contained by "prefix" can get >> processed and leak kernel contents. > > > http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=ca1aa54f272d47bec77baa292f803df7a81f966b Ah-ha! Perfect, thanks! :) -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/