On Sat, Jun 28, 2014 at 7:07 AM, Fengguang Wu <fengguang...@intel.com> wrote:
> tree:   git://internal_merge_and_test_tree devel-ant-um-201406281943
> head:   fbb9065499371b760e0543f2ff66fde4778b46ae
> commit: 2af37708d3ce0ae78898051ea76bc7c5f683171c [30/31] Merge 'nftables/master' into devel-ant-um-201406281943
> config: make ARCH=avr32 atngw100_defconfig
>
> All error/warnings:
>
>    net/netfilter/xt_LOG.c: In function 'log_tg':
>>> net/netfilter/xt_LOG.c:43: error: format not a string literal and no format arguments
>
> vim +43 net/netfilter/xt_LOG.c
>
> 6939c33a Richard Weinberger 2012-02-10  27  #include <linux/netfilter/xt_LOG.h>
> 6939c33a Richard Weinberger 2012-02-10  28  #include <linux/netfilter_ipv6/ip6_tables.h>
> 6939c33a Richard Weinberger 2012-02-10  29  #include <net/netfilter/nf_log.h>
> 6939c33a Richard Weinberger 2012-02-10  30
> 6939c33a Richard Weinberger 2012-02-10  31  static unsigned int
> 6939c33a Richard Weinberger 2012-02-10  32  log_tg(struct sk_buff *skb, const struct xt_action_param *par)
> 6939c33a Richard Weinberger 2012-02-10  33  {
> 6939c33a Richard Weinberger 2012-02-10  34      const struct xt_log_info *loginfo = par->targinfo;
> 6939c33a Richard Weinberger 2012-02-10  35      struct nf_loginfo li;
> 8cdb46da Hans Schillstrom   2013-05-15  36      struct net *net = dev_net(par->in ? par->in : par->out);
> 6939c33a Richard Weinberger 2012-02-10  37
> 6939c33a Richard Weinberger 2012-02-10  38      li.type = NF_LOG_TYPE_LOG;
> 6939c33a Richard Weinberger 2012-02-10  39      li.u.log.level = loginfo->level;
> 6939c33a Richard Weinberger 2012-02-10  40      li.u.log.logflags = loginfo->logflags;
> 6939c33a Richard Weinberger 2012-02-10  41
> fab4085f Pablo Neira Ayuso  2014-06-18  42      nf_log_packet(net, par->family, par->hooknum, skb, par->in, par->out,
> fab4085f Pablo Neira Ayuso  2014-06-18 @43                    &li, loginfo->prefix);

This needs to be:

    nf_log_packet(net, par->family, par->hooknum, skb, par->in, par->out,
                  &li, "%s", loginfo->prefix);

Without this, any format strings contained by "prefix" can get
processed and leak kernel contents.

-Kees

> 6939c33a Richard Weinberger 2012-02-10  44      return XT_CONTINUE;
> 6939c33a Richard Weinberger 2012-02-10  45  }
> 6939c33a Richard Weinberger 2012-02-10  46
> 6939c33a Richard Weinberger 2012-02-10  47  static int log_tg_check(const struct xt_tgchk_param *par)
> 6939c33a Richard Weinberger 2012-02-10  48  {
> 6939c33a Richard Weinberger 2012-02-10  49      const struct xt_log_info *loginfo = par->targinfo;
> 6939c33a Richard Weinberger 2012-02-10  50
> 6939c33a Richard Weinberger 2012-02-10  51      if (par->family != NFPROTO_IPV4 && par->family != NFPROTO_IPV6)
>
> ---
> 0-DAY kernel build testing backend         Open Source Technology Center
> http://lists.01.org/mailman/listinfo/kbuild            Intel Corporation

--
Kees Cook
Chrome OS Security
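
The difference between the two calls, as an added user-space example that is not part of the original thread or the kernel source. demo_log() is a hypothetical stand-in for a printf-style logger like nf_log_packet(), and the prefix is a constructed value containing only "%%", so the call that passes it as the format stays well-defined while still showing that the formatter interprets it.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logger such as nf_log_packet():
 * everything after `len` is a format string followed by its arguments. */
static int demo_log(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;   /* length of the formatted message */
}

/* Pattern flagged at xt_LOG.c:43: the rule's prefix is passed as the format. */
static int log_prefix_as_format(char *out, size_t len, const char *prefix)
{
    return demo_log(out, len, prefix);
}

/* Pattern from the reply: constant "%s" format, prefix is only data. */
static int log_prefix_as_data(char *out, size_t len, const char *prefix)
{
    return demo_log(out, len, "%s", prefix);
}

/* Returns 1 when the formatter rewrote the prefix instead of copying it. */
static int prefix_was_interpreted(const char *prefix)
{
    char as_fmt[64], as_data[64];
    log_prefix_as_format(as_fmt, sizeof(as_fmt), prefix);
    log_prefix_as_data(as_data, sizeof(as_data), prefix);
    return strcmp(as_fmt, as_data) != 0;
}

int main(void)
{
    /* Constructed prefix: "%%" takes no argument, so both calls are defined. */
    const char *prefix = "drop 100%% ";
    char buf[64];

    log_prefix_as_format(buf, sizeof(buf), prefix);
    printf("as format: [%s]\n", buf);
    log_prefix_as_data(buf, sizeof(buf), prefix);
    printf("as data:   [%s]\n", buf);
    return prefix_was_interpreted(prefix) ? 0 : 1;
}
```

gcc's format-security check only reports this pattern for functions declared with a printf format attribute; demo_log() omits the attribute so the unsafe call compiles and can be compared against the fixed one.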