From: Amos Jeffries
Date: Sat, 8 Feb 2014 12:33:31 +0000 (-0700)
Subject: Move compat/unsafe.h protections from libcompat to source maintenance
X-Git-Tag: SQUID_3_5_0_1~383
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b8889258520a73489a4d7c1910ea96ee1b727524;p=thirdparty%2Fsquid.git

Move compat/unsafe.h protections from libcompat to source maintenance

It is sufficient to run a code scan from source-maintenance.sh for the unsafe functions being used in Squid-specific code instead of hard-coding compiler breakage on users. This also "fixes" reporting of errors when cstdio pulls in use of the unsafe functions by stdlib.
---
diff --git a/compat/Makefile.am b/compat/Makefile.am
index 22ffcf8cdd..70cf427ad5 100644
--- a/compat/Makefile.am
+++ b/compat/Makefile.am
@@ -45,7 +45,6 @@ libcompat_squid_la_SOURCES = \
 strnrchr.c \
 tempnam.h \
 types.h \
- unsafe.h \
 valgrind.h \
 xalloc.cc \
 xalloc.h \
diff --git a/compat/compat.h b/compat/compat.h
index 54720192bf..ee2d231af7 100644
--- a/compat/compat.h
+++ b/compat/compat.h
@@ -103,9 +103,6 @@
 */
 #include "compat/GnuRegex.h"
 
-/* some functions are unsafe to be used in Squid. */
-#include "compat/unsafe.h"
-
 /* cppunit is not quite C++0x compatible yet */
 #include "compat/cppunit.h"
 
diff --git a/compat/unsafe.h b/compat/unsafe.h
deleted file mode 100644
index d58f546a03..0000000000
--- a/compat/unsafe.h
+++ /dev/null
@@ -1,17 +0,0 @@
-#ifndef _SQUID_COMPAT_UNSAFE_H
-#define _SQUID_COMPAT_UNSAFE_H
-
-/*
- * Trap unintentional use of functions unsafe for use within squid.
- */
-
-#if !SQUID_NO_STRING_BUFFER_PROTECT
-#ifndef sprintf
-#define sprintf ERROR_sprintf_UNSAFE_IN_SQUID
-#endif
-#ifndef strdup
-#define strdup ERROR_strdup_UNSAFE_IN_SQUID
-#endif
-#endif /* SQUID_NO_STRING_BUFFER_PROTECT */
-
-#endif /* _SQUID_COMPAT_UNSAFE_H */
diff --git a/scripts/source-maintenance.sh b/scripts/source-maintenance.sh
index 0ecb756d98..72c250a00b 100755
--- a/scripts/source-maintenance.sh
+++ b/scripts/source-maintenance.sh
@@ -105,6 +105,19 @@ for FILENAME in `ls -1`; do
 echo "ERROR: ${PWD}/${FILENAME} contains reference to forward.h without path"
 fi
 
+ #
+ # detect functions unsafe for use within Squid.
+ # strdup()
+ #
+ STRDUP=`grep -e "[^x]strdup" ${FILENAME}`;
+ if test "x${STRDUP}" != "x" ; then
+ echo "ERROR: ${PWD}/${FILENAME} contains unprotected use of strdup()"
+ fi
+ SPRINTF=`grep -e "[^v]sprintf" ${FILENAME}`;
+ if test "x${SPRINTF}" != "x" ; then
+ echo "ERROR: ${PWD}/${FILENAME} contains unsafe use of sprintf()"
+ fi
+
 #
 # DEBUG Section list maintenance
 #
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 95fcd154d7..6224a44697 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -4499,10 +4499,10 @@ static void parse_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt)
 
 if (strcmp(al, Ssl::CertAdaptAlgorithmStr[Ssl::algSetValidAfter]) == 0) {
 ca->alg = Ssl::algSetValidAfter;
- ca->param = strdup("on");
+ ca->param = xstrdup("on");
 } else if (strcmp(al, Ssl::CertAdaptAlgorithmStr[Ssl::algSetValidBefore]) == 0) {
 ca->alg = Ssl::algSetValidBefore;
- ca->param = strdup("on");
+ ca->param = xstrdup("on");
 } else if (strcmp(al, Ssl::CertAdaptAlgorithmStr[Ssl::algSetCommonName]) == 0) {
 ca->alg = Ssl::algSetCommonName;
 if (param) {
@@ -4511,7 +4511,7 @@ static void parse_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt)
 self_destruct();
 return;
 }
- ca->param = strdup(param);
+ ca->param = xstrdup(param);
 }
 } else {
 debugs(3, DBG_CRITICAL, "FATAL: sslproxy_cert_adapt: unknown cert adaptation algorithm: " << al);
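Review bot: The two grep patterns in the added block are looser than the macro traps they replace. `[^x]strdup` and `[^v]sprintf` both require a preceding character, so a call at column 0 is missed, and they also fire on comments and string literals; the sprintf pattern additionally flags names such as `asprintf`, while its `[^v]` exclusion lets `vsprintf()` pass even though it is unbounded in the same way as `sprintf()`. Anchoring on identifier boundaries would tighten both checks, e.g. `grep -E '(^|[^[:alnum:]_])strdup[[:space:]]*\('` and `grep -E '(^|[^[:alnum:]_])v?sprintf[[:space:]]*\('`, with `"${FILENAME}"` quoted. The block only echoes an ERROR line, so unless the script's exit status is set somewhere outside this hunk, a violation no longer stops a build the way the removed `#define` did; recording a failure flag here would keep the check enforceable. The enclosing `for FILENAME` loop starts and ends outside the hunk.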
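Review bot: The three `xstrdup()` results stored in `ca->param` (two in the hunk at -4499, `xstrdup(param)` in the hunk at -4511) have no release path visible in this diff, so the allocation/release pairing cannot be checked from here. Please confirm that the code freeing a `sslproxy_cert_adapt` entry releases `param` through `xfree()` or `safe_free()` rather than a bare `free()`, so both sides stay on Squid's wrappers. A one-line ownership comment where `param` is declared would record that, e.g. `// owned; allocated with xstrdup(), release with xfree()`. parse_sslproxy_cert_adapt() begins and ends outside both hunks.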