Improve security by avoiding buffer overflows
This patch adds compiler flags to improve the security of STX code. Flags added: Format string vulnerabilities: CFLAGS="-Wformat -Wformat-security" Compiler will treat string format warnings as errors, so at compiling level, buffer overflow is avoided. Story: 2004380 Task: 28808 Signed-off-by: Luis Botello <luis.botello.ortega@intel.com> Reviewed-by: Erich Cordoba <erich.cordoba.malibran@intel.com> Victor Rodriguez <vm.rod25@gmail.com> Suggested-by: Victor Rodriguez <vm.rod25@gmail.com> Erich Cordoba <erich.cordoba.malibran@intel.com> Change-Id: I7e844718e14b35893f9eeb725e32d9d7477f0d57
This commit is contained in:
parent
7251eec3ba
commit
be468f45a7
|
@ -34,7 +34,7 @@
|
|||
|
||||
EXECS = guest_scale_helper guest_scale_agent
|
||||
|
||||
CFLAGS= -g -Wall
|
||||
CFLAGS= -g -Wall -Wformat -Wformat-security
|
||||
ODIR=obj
|
||||
BINDIR=bin
|
||||
|
||||
|
|
|
@ -66,6 +66,7 @@ program_BUILD_OBJS := $(addprefix $(BUILD_DIR)/, $(heartbeat_C_OBJS))
|
|||
program_BUILD_OBJS += $(addprefix $(BUILD_DIR)/, $(program_C_OBJS))
|
||||
|
||||
CFLAGS = -g -O2 -Wall -Werror -Wformat -DSYSCONFDIR=$(sysconfdir)
|
||||
CFLAGS += -Wformat-security
|
||||
|
||||
all: build
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ heartbeat_C_INCLUDES += -I$(CURRENT_DIR)/../../../include
|
|||
heartbeat_C_SRCS := $(wildcard *.c)
|
||||
heartbeat_C_OBJS := ${heartbeat_C_SRCS:.c=.o}
|
||||
|
||||
CFLAGS = -g -O2 -Wall -Werror -Wformat -DSYSCONFDIR=$(sysconfdir)
|
||||
CFLAGS = -g -O2 -Wall -Werror -Wformat -DSYSCONFDIR=$(sysconfdir) -Wformat-security
|
||||
|
||||
%.o: %.c
|
||||
$(CC) $(CFLAGS) $(heartbeat_C_INCLUDES) -c $< -o $(BUILD_DIR)/$@ -ljson-c
|
||||
|
|
|
@ -72,7 +72,7 @@ sample_C_OBJS := ${sample_C_SRCS:.c=.o}
|
|||
sample_LDLIBS := -L$(BUILD_DIR) -l$(common_NAME) -l$(heartbeat_NAME) -lrt
|
||||
sample_BUILD_OBJS := $(addprefix $(BUILD_DIR)/, $(sample_C_OBJS))
|
||||
|
||||
CFLAGS = -g -O2 -Wall -Werror -Wformat -fPIC -DSYSCONFDIR=$(sysconfdir)
|
||||
CFLAGS = -g -O2 -Wall -Werror -Wformat -fPIC -DSYSCONFDIR=$(sysconfdir) -Wformat-security
|
||||
|
||||
all: build
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
|
||||
EXECS= guest_agent server_group_app
|
||||
|
||||
CFLAGS= -g -Wall
|
||||
CFLAGS= -g -Wall -Wformat -Wformat-security
|
||||
LDFLAGS =
|
||||
|
||||
ODIR=obj
|
||||
|
|
Loading…
Reference in New Issue