Bug 52564 - Fail to build with security hardening cflags
Summary: Fail to build with security hardening cflags
Alias: None
Product: Tomcat Connectors
Classification: Unclassified
Component: mod_jk (show other bugs)
Version: 1.2.32
Hardware: PC Linux
: P2 minor (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2012-01-31 07:52 UTC by Damien Raude-Morvan
Modified: 2012-02-06 07:38 UTC (History)
0 users

Fix FTBFS with -Werror=format-security (1022 bytes, patch)
2012-02-05 23:30 UTC, Damien Raude-Morvan
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Damien Raude-Morvan 2012-01-31 07:52:05 UTC

Apache Mod_Jk fails to build with security hardening cflags [1]. As part as an ongoing effort in Debian, we are trying to build as much as possible "network" package with hardening features enabled [2].

Current failure is :
/usr/share/apr-1.0/build/libtool --silent --mode=compile x86_64-linux-gnu-gcc -I/usr/include/apache2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -DHAVE_CONFIG_H -DUSE_APACHE_MD5 -I ../common -I /include -I /include/unix  -DLINUX=2 -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_REENTRANT -I/usr/include/apr-1.0 -I/usr/include/openssl -I/usr/include/xmltok -pthread   -DHAVE_APR  -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -DHAVE_CONFIG_H   -c mod_jk.c -o mod_jk.lo
mod_jk.c: In function 'jk_error_exit':
mod_jk.c:678:5: error: format not a string literal and no format arguments [-Werror=format-security]
mod_jk.c:684:9: error: format not a string literal and no format arguments [-Werror=format-security]
cc1: some warnings being treated as errors

[1] "-Wformat -Wformat-security -Werror=format-security"
[2] http://wiki.debian.org/Hardening

Comment 1 Rainer Jung 2012-01-31 10:02:06 UTC
First note, that the format string argument used in those two lines was explicitely sanitized by removing any % character just a few lines above that precisely because we pass it along without arguments.

How to really fix this? I didn't find a way to tell gcc that this special argument is save. Starting with gcc 4.6 we could use a pragma to switch of format-security checking just for those lines.

Which gcc version is Debian using? Any better ideas how to correctly signal gcc, that there is no problem here?

In fact we do not use the ability to pass along arguments to format in jk_error_exit in the code for Apache 2.x, but we do use it in the code for 1.3 and I'm not yet ready to simply drop that feature.


Comment 2 Damien Raude-Morvan 2012-02-05 23:30:52 UTC
Created attachment 28273 [details]
Fix FTBFS with -Werror=format-security
Comment 3 Damien Raude-Morvan 2012-02-05 23:33:09 UTC

FTR, Debian currently use GCC 4.6 (maybe GC 4.7 soon). I've attached a small patch done by tony mancill <tmancill@debian.org> to help fix this.

Could you please consider this for inclusion ?

Comment 4 Rainer Jung 2012-02-06 07:38:30 UTC
Thanks for the patch. on't know why I didn't consider that myself.

Applied in r1240904. Will be part of 1.2.33.