php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #61536 when building with hardening-wrapper, mysqlnd fails with format exceptions
Submitted: 2012-03-28 00:19 UTC Modified: 2012-05-04 09:46 UTC
From: i dot galic at brainsware dot org Assigned: uw (profile)
Status: Closed Package: MySQL related
PHP Version: 5.4.0 OS: Ubuntu
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: i dot galic at brainsware dot org
New email:
PHP Version: OS:

 

 [2012-03-28 00:19 UTC] i dot galic at brainsware dot org 
Description:
------------
when building with hardening-wrapper, mysqlnd fails with format exceptions



Test script:
---------------
add CFLAGS="$CFLAGS -Werror=format-security"

Expected result:
----------------
Everything builds happily.

Actual result:
--------------
php-5.4.0/ext/mysqlnd/mysqlnd_wireprotocol.c: In function ‘php_mysqlnd_auth_write’:
php-5.4.0/ext/mysqlnd/mysqlnd_wireprotocol.c:503:4: error: format not a string literal and no format arguments [-Werror=format-security]
cc1: some warnings being treated as errors

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-02 14:52 UTC] uw@php.net 
Funny compiler...

			const char * const msg = "Authentication data too long. "
				"Won't fit into the buffer and will be truncated. Authentication will thus fail";
			SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg);
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);
			DBG_RETURN(0);
 [2012-05-04 09:46 UTC] uw@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: uw
 [2012-05-04 09:46 UTC] uw@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Duplicate of https://bugs.php.net/bug.php?id=60948 :

 [2012-02-01 13:10 UTC] ondrej@php.net

Description:
------------
$ svn diff
Index: ext/mysqlnd/mysqlnd_wireprotocol.c
===================================================================
--- ext/mysqlnd/mysqlnd_wireprotocol.c	(revision 322993)
+++ ext/mysqlnd/mysqlnd_wireprotocol.c	(working copy)
@@ -500,7 +500,7 @@
 			const char * const msg = "Authentication data too long. 
"
 				"Won't fit into the buffer and will be 
truncated. Authentication will thus fail";
 			SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, 
UNKNOWN_SQLSTATE, msg);
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);
 			DBG_RETURN(0);
 		}
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu May 02 08:01:32 2024 UTC