additional compiler hardening flags

Darren Tucker dtucker at zip.com.au
Fri Jan 17 10:10:48 EST 2014


On Thu, Jan 16, 2014 at 11:44:26PM +0100, Corinna Vinschen wrote:
> Will you accept patches to get rid of the existing warnings so we can
> build all of OpenSSH with -Werror?

Probably yes as long as it doesn't break any currently-working
platforms, and isn't a large maintenace burden.  At one point I could
compile on Fedora warning-free including PAM support, but I see a couple
of warnings have crept in due to either pickier compilers or platform
changes.

So warning fixes for -portable specific code: sure.  For code shared
with openbsd, yes if we can push it back upstream or do it in a way
that's doesn't cause every diff we pull to be a hassle.  Other things
maybe depending on what it is.

What have you got?  I'll open the bidding.

loginrec.c: In function 'login_get_lastlog':
loginrec.c:316:7: warning: format '%lu' expects argument of type
'long unsigned int', but argument 3 has type 'size_t' [-Wformat]
loginrec.c:316:7: warning: format '%lu' expects argument of type
'long unsigned int', but argument 4 has type 'unsigned int' [-Wformat]

Index: loginrec.c
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/loginrec.c,v
retrieving revision 1.93
diff -u -p -r1.93 loginrec.c
--- loginrec.c	29 Dec 2013 06:40:19 -0000	1.93
+++ loginrec.c	16 Jan 2014 22:58:07 -0000
@@ -313,7 +313,8 @@ login_get_lastlog(struct logininfo *li, 
 	if (strlcpy(li->username, pw->pw_name, sizeof(li->username)) >=
 	    sizeof(li->username)) {
 		error("%s: username too long (%lu > max %lu)", __func__,
-		    strlen(pw->pw_name), sizeof(li->username) - 1);
+		    (unsigned long)strlen(pw->pw_name),
+		    (unsigned long)sizeof(li->username) - 1);
 		return NULL;
 	}
 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list