From c2b26cb83d9bf3f91e986625efcc40fc8eb79a13 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Thu, 23 Feb 2012 13:04:26 -0800
Subject: [PATCH] BandwidthController: fix format string bugs

In 876666947664c718a8d0cae9bbddb06cc91f912c, a new %s was added to ALERT_IPT_TEMPLATE. Not all users of this string were updated. This change modifies ALERT_IPT_TEMPLATE to be a #define, which allows gcc's format string detection work. Add -Werror=format to error out on any string format warning. Testing: Code compiles. I don't know how to test this change properly.
Bug: 5948299
Change-Id: I0ec307972e6bf50abd8ba099166c22069a6c6580
---
 Android.mk | 2 +-
 BandwidthController.cpp | 13 ++++++-------
 BandwidthController.h | 1 -
 3 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/Android.mk b/Android.mk
index 612a2cf..2c17979 100644
--- a/Android.mk
+++ b/Android.mk
@@ -34,7 +34,7 @@ LOCAL_C_INCLUDES := $(KERNEL_HEADERS) \
 bionic/libc/private \
 $(call include-path-for, libhardware_legacy)/hardware_legacy
 
-LOCAL_CFLAGS :=
+LOCAL_CFLAGS := -Werror=format
 
 LOCAL_SHARED_LIBRARIES := libstlport libsysutils libcutils libnetutils \
 libcrypto libhardware_legacy
diff --git a/BandwidthController.cpp b/BandwidthController.cpp
index f66df0a..b91a7c6 100644
--- a/BandwidthController.cpp
+++ b/BandwidthController.cpp
@@ -48,7 +48,7 @@ extern "C" int system_nosh(const char *command);
 #include "oem_iptables_hook.h"
 
 /* Alphabetical */
-const char BandwidthController::ALERT_IPT_TEMPLATE[] = "%s %s %s -m quota2 ! --quota %lld --name %s";
+#define ALERT_IPT_TEMPLATE "%s %s %s -m quota2 ! --quota %lld --name %s"
 const int BandwidthController::ALERT_RULE_POS_IN_COSTLY_CHAIN = 4;
 const char BandwidthController::ALERT_GLOBAL_NAME[] = "globalAlert";
 const char BandwidthController::IP6TABLES_PATH[] = "/system/bin/ip6tables";
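Review bot: In the Android.mk hunk, `-Werror=format` only rejects mismatches gcc can check against a literal format string; a call that passes a non-literal string as the format with no arguments is the job of `-Wformat-security`, which this flag does not turn on. If the module builds cleanly with it, `LOCAL_CFLAGS := -Werror=format -Werror=format-security` would cover that case too. Whether other sources in this module currently trip that warning is not visible from this patch.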
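Review bot: The `%lld` conversion in the new `ALERT_IPT_TEMPLATE` macro is fed `int64_t` values (`bytes` in setCostlyAlert and `*alertBytes` in removeCostlyAlert, judging by the signatures in the later hunk headers), and `int64_t` is `long long` only on some ABIs. With `-Werror=format` now enabled, that mismatch would turn into a build failure on a target where `int64_t` is `long`. Casting at the call sites, e.g. `(long long)bytes`, keeps the template and its arguments in agreement everywhere. A one-line comment above the `#define` listing the five arguments in order (interface match, op flag, chain, quota bytes, alert name) would also help, since the bug being fixed was an argument-count mismatch.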
@@ -694,12 +694,12 @@ int BandwidthController::runIptablesAlertCmd(IptOp op, const char *alertName, in
 
 ifaceLimiting = "! -i lo+";
 asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "INPUT",
- bytes, alertName, alertName);
+ bytes, alertName);
 res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
 free(alertQuotaCmd);
 ifaceLimiting = "! -o lo+";
 asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "OUTPUT",
- bytes, alertName, alertName);
+ bytes, alertName);
 res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
 free(alertQuotaCmd);
 return res;
@@ -726,7 +726,7 @@ int BandwidthController::runIptablesAlertFwdCmd(IptOp op, const char *alertName,
 
 ifaceLimiting = "! -i lo+";
 asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "FORWARD",
- bytes, alertName, alertName);
+ bytes, alertName);
 res = runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
 free(alertQuotaCmd);
 return res;
@@ -882,8 +882,7 @@ int BandwidthController::setCostlyAlert(const char *costName, int64_t bytes, int
 res = updateQuota(alertName, *alertBytes);
 } else {
 asprintf(&chainNameAndPos, "costly_%s %d", costName, ALERT_RULE_POS_IN_COSTLY_CHAIN);
- asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "-I", chainNameAndPos, bytes, alertName,
- alertName);
+ asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "", "-I", chainNameAndPos, bytes, alertName);
 res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
 free(alertQuotaCmd);
 free(chainNameAndPos);
@@ -906,7 +905,7 @@ int BandwidthController::removeCostlyAlert(const char *costName, int64_t *alertB
 }
 
 asprintf(&chainName, "costly_%s", costName);
- asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "-D", chainName, *alertBytes, alertName, alertName);
+ asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "", "-D", chainName, *alertBytes, alertName);
 res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
 free(alertQuotaCmd);
 free(chainName);
diff --git a/BandwidthController.h b/BandwidthController.h
index 1aa19e5..2b4cecb 100644
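Review bot: The return value of `asprintf` is still ignored at every call touched in BandwidthController.cpp (runIptablesAlertCmd, runIptablesAlertFwdCmd, setCostlyAlert, removeCostlyAlert), so on allocation failure `alertQuotaCmd` may be left undefined and is then handed to `runIpxtablesCmd` and `free`. Each call should test the result, along the lines of `if (asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "INPUT", bytes, alertName) < 0) return -1;`, taking care in the costly-alert paths to release `chainNameAndPos` / `chainName` before returning. Separately, `alertName` and `costName` are spliced into the rule text unquoted; whether callers restrict them to a safe character set is not visible in these hunks and is worth confirming. All four function bodies start and end outside the hunks shown.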
--- a/BandwidthController.h
+++ b/BandwidthController.h
@@ -152,7 +152,6 @@ private:
 static const char *IPT_BASIC_ACCOUNTING_COMMANDS[];
 
 /* Alphabetical */
- static const char ALERT_IPT_TEMPLATE[];
 static const int ALERT_RULE_POS_IN_COSTLY_CHAIN;
 static const char ALERT_GLOBAL_NAME[];
 static const char IP6TABLES_PATH[];
-- 
2.11.0