[Openvpn-devel,v2] Silence warning about format string in check_ca_required

Message ID 20210609061532.12774-1-a@unstable.cc
State Accepted
Headers show
Series
  • [Openvpn-devel,v2] Silence warning about format string in check_ca_required
Related show

Commit Message

Antonio Quartulli June 9, 2021, 6:15 a.m.
From: Arne Schwabe <arne@rfc2549.org>

clang does not like if the format argument of printf like function
is not a string literal (or constant):

warning: format string is not a string literal (potentially insecure)

Make the format string constant to silence the warning.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
---

Changes from v1:
* use const string instead of introducing "%s".

@Arne I anticipated this change because I "assumed" you would be ok with
it (patch is still yours), but feel free to comment of course.


 src/openvpn/options.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Selva Nair June 9, 2021, 9:36 p.m. | #1
Hi

On Wed, Jun 9, 2021 at 2:15 AM Antonio Quartulli <a@unstable.cc> wrote:

> From: Arne Schwabe <arne@rfc2549.org>
>
> clang does not like if the format argument of printf like function
> is not a string literal (or constant):
>
> warning: format string is not a string literal (potentially insecure)
>
> Make the format string constant to silence the warning.
>
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>
> Signed-off-by: Antonio Quartulli <a@unstable.cc>
> ---
>
> Changes from v1:
> * use const string instead of introducing "%s".
>
> @Arne I anticipated this change because I "assumed" you would be ok with
> it (patch is still yours), but feel free to comment of course.
>
>
>  src/openvpn/options.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index 819979b1..086f7b6e 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -2069,7 +2069,7 @@ check_ca_required(const struct options *options)
>          return;
>      }
>
> -    const char* str = "You must define CA file (--ca)"
> +    const char* const str = "You must define CA file (--ca)"
>  #ifndef ENABLE_CRYPTO_MBEDTLS
>          " or CA path (--capath)"
>  #endif
> --
> 2.31.1
>

Changes from v1:
> * use const string instead of introducing "%s".
> @Arne I anticipated this change because I "assumed" you would be ok with
> it (patch is still yours), but feel free to comment of course.


>
In that spirit, assuming Antonio would have acked this had it been
submitted by Arne, I'm ready to ack this on his behalf..

Acked-by: <selva.nair@gmail.com> masquerading as "pick-your-name"

Earnestly hoping these lines don't show up again in a patch for a very long
time to come..

Selva
<div dir="ltr"><div>Hi</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jun 9, 2021 at 2:15 AM Antonio Quartulli &lt;a@unstable.cc&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">From: Arne Schwabe &lt;<a href="mailto:arne@rfc2549.org" target="_blank">arne@rfc2549.org</a>&gt;<br>
<br>
clang does not like if the format argument of printf like function<br>
is not a string literal (or constant):<br>
<br>
warning: format string is not a string literal (potentially insecure)<br>
<br>
Make the format string constant to silence the warning.<br>
<br>
Signed-off-by: Arne Schwabe &lt;<a href="mailto:arne@rfc2549.org" target="_blank">arne@rfc2549.org</a>&gt;<br>
Signed-off-by: Antonio Quartulli &lt;a@unstable.cc&gt;<br>
---<br>
<br>
Changes from v1:<br>
* use const string instead of introducing &quot;%s&quot;.<br>
<br>
@Arne I anticipated this change because I &quot;assumed&quot; you would be ok with<br>
it (patch is still yours), but feel free to comment of course.<br>
<br>
<br>
 src/openvpn/options.c | 2 +-<br>
 1 file changed, 1 insertion(+), 1 deletion(-)<br>
<br>
diff --git a/src/openvpn/options.c b/src/openvpn/options.c<br>
index 819979b1..086f7b6e 100644<br>
--- a/src/openvpn/options.c<br>
+++ b/src/openvpn/options.c<br>
@@ -2069,7 +2069,7 @@ check_ca_required(const struct options *options)<br>
         return;<br>
     }<br>
<br>
-    const char* str = &quot;You must define CA file (--ca)&quot;<br>
+    const char* const str = &quot;You must define CA file (--ca)&quot;<br>
 #ifndef ENABLE_CRYPTO_MBEDTLS<br>
         &quot; or CA path (--capath)&quot;<br>
 #endif<br>
-- <br>
2.31.1<br></blockquote><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Changes from v1:<br>* use const string instead of introducing &quot;%s&quot;.<br>@Arne I anticipated this change because I &quot;assumed&quot; you would be ok with<br>it (patch is still yours), but feel free to comment of course.</blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br></blockquote><div><br></div><div>In that spirit, assuming Antonio would have acked this had it been submitted by Arne, I&#39;m ready to ack this on his behalf..</div><div><br></div><div>Acked-by: &lt;<a href="mailto:selva.nair@gmail.com" target="_blank">selva.nair@gmail.com</a>&gt; masquerading as &quot;pick-your-name&quot;</div><div><br></div><div>Earnestly hoping these lines don&#39;t show up again in a patch for a very long time to come..</div><div><br></div><div>Selva</div></div></div>
Gert Doering June 13, 2021, 6:27 p.m. | #2
Your patch has been applied to the master branch.

And I side with Selva "I do not want to see more of these lines in a patch 
for a very long time" :-)

commit d2e5412aa48e028c07bc7a3a9447593b711a9e0c
Author: Arne Schwabe
Date:   Wed Jun 9 08:15:32 2021 +0200

     Silence warning about format string in check_ca_required

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Signed-off-by: Antonio Quartulli <a@unstable.cc>
     Acked-by: Selva Nair <selva.nair@gmail.com>
     Message-Id: <20210609061532.12774-1-a@unstable.cc>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22519.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 819979b1..086f7b6e 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2069,7 +2069,7 @@  check_ca_required(const struct options *options)
         return;
     }
 
-    const char* str = "You must define CA file (--ca)"
+    const char* const str = "You must define CA file (--ca)"
 #ifndef ENABLE_CRYPTO_MBEDTLS
         " or CA path (--capath)"
 #endif