PHP :: Bug #61536 :: when building with hardening-wrapper, mysqlnd fails with format exceptions

Bug #61536	when building with hardening-wrapper, mysqlnd fails with format exceptions
Submitted:	2012-03-28 00:19 UTC	Modified:	2012-05-04 09:46 UTC
From:	i dot galic at brainsware dot org	Assigned:	uw (profile)
Status:	Closed	Package:	MySQL related
PHP Version:	5.4.0	OS:	Ubuntu
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	i dot galic at brainsware dot org
New email:
PHP Version:		OS:

New Comment:

[2012-03-28 00:19 UTC] i dot galic at brainsware dot org

Description:
------------
when building with hardening-wrapper, mysqlnd fails with format exceptions



Test script:
---------------
add CFLAGS="$CFLAGS -Werror=format-security"

Expected result:
----------------
Everything builds happily.

Actual result:
--------------
php-5.4.0/ext/mysqlnd/mysqlnd_wireprotocol.c: In function ‘php_mysqlnd_auth_write’:
php-5.4.0/ext/mysqlnd/mysqlnd_wireprotocol.c:503:4: error: format not a string literal and no format arguments [-Werror=format-security]
cc1: some warnings being treated as errors

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-05-02 14:52 UTC] uw@php.net

Funny compiler...

			const char * const msg = "Authentication data too long. "
				"Won't fit into the buffer and will be truncated. Authentication will thus fail";
			SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);
			DBG_RETURN(0);

[2012-05-04 09:46 UTC] uw@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: uw

[2012-05-04 09:46 UTC] uw@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Duplicate of https://bugs.php.net/bug.php?id=60948 :

 [2012-02-01 13:10 UTC] ondrej@php.net

Description:
------------
$ svn diff
Index: ext/mysqlnd/mysqlnd_wireprotocol.c
===================================================================
--- ext/mysqlnd/mysqlnd_wireprotocol.c	(revision 322993)
+++ ext/mysqlnd/mysqlnd_wireprotocol.c	(working copy)
@@ -500,7 +500,7 @@
 			const char * const msg = "Authentication data too long. 
"
 				"Won't fit into the buffer and will be 
truncated. Authentication will thus fail";
 			SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, 
UNKNOWN_SQLSTATE, msg);
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);
 			DBG_RETURN(0);
 		}

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Jul 01 19:01:37 2025 UTC