commit c2b26cb83d9bf3f91e986625efcc40fc8eb79a13
author Nick Kralevich <nnk@google.com> Thu Feb 23 13:04:26 2012 -0800
committer Nick Kralevich <nnk@google.com> Thu Feb 23 14:50:29 2012 -0800
tree b7e558b58713fd3d81c961d248000ca7adf20091
parent 0a379691e04700b3b44948450b1e3db92ef2ec01

BandwidthController: fix format string bugs

In 876666947664c718a8d0cae9bbddb06cc91f912c, a new %s
was added to ALERT_IPT_TEMPLATE. Not all users of this string
were updated.

This change modifies ALERT_IPT_TEMPLATE to be a #define, which
allows gcc's format string detection work.

Add -Werror=format to error out on any string format warning.

Testing: Code compiles. I don't know how to test this change
properly.

Bug: 5948299
Change-Id: I0ec307972e6bf50abd8ba099166c22069a6c6580

Android.mk

diff --git a/Android.mk b/Android.mk
index 612a2cf..2c17979 100644
--- a/Android.mk
+++ b/Android.mk
@@ -34,7 +34,7 @@
                     bionic/libc/private \
                     $(call include-path-for, libhardware_legacy)/hardware_legacy
 
-LOCAL_CFLAGS :=
+LOCAL_CFLAGS := -Werror=format
 
 LOCAL_SHARED_LIBRARIES := libstlport libsysutils libcutils libnetutils \
                           libcrypto libhardware_legacy

BandwidthController.cpp

diff --git a/BandwidthController.cpp b/BandwidthController.cpp
index f66df0a..b91a7c6 100644
--- a/BandwidthController.cpp
+++ b/BandwidthController.cpp
@@ -48,7 +48,7 @@
 #include "oem_iptables_hook.h"
 
 /* Alphabetical */
-const char BandwidthController::ALERT_IPT_TEMPLATE[] = "%s %s %s -m quota2 ! --quota %lld --name %s";
+#define ALERT_IPT_TEMPLATE "%s %s %s -m quota2 ! --quota %lld --name %s"
 const int  BandwidthController::ALERT_RULE_POS_IN_COSTLY_CHAIN = 4;
 const char BandwidthController::ALERT_GLOBAL_NAME[] = "globalAlert";
 const char BandwidthController::IP6TABLES_PATH[] = "/system/bin/ip6tables";
@@ -694,12 +694,12 @@
 
     ifaceLimiting = "! -i lo+";
     asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "INPUT",
-        bytes, alertName, alertName);
+        bytes, alertName);
     res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
     free(alertQuotaCmd);
     ifaceLimiting = "! -o lo+";
     asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "OUTPUT",
-        bytes, alertName, alertName);
+        bytes, alertName);
     res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
     free(alertQuotaCmd);
     return res;
@@ -726,7 +726,7 @@
 
     ifaceLimiting = "! -i lo+";
     asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "FORWARD",
-        bytes, alertName, alertName);
+        bytes, alertName);
     res = runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
     free(alertQuotaCmd);
     return res;
@@ -882,8 +882,7 @@
         res = updateQuota(alertName, *alertBytes);
     } else {
         asprintf(&chainNameAndPos, "costly_%s %d", costName, ALERT_RULE_POS_IN_COSTLY_CHAIN);
-        asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "-I", chainNameAndPos, bytes, alertName,
-                 alertName);
+        asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "", "-I", chainNameAndPos, bytes, alertName);
         res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
         free(alertQuotaCmd);
         free(chainNameAndPos);
@@ -906,7 +905,7 @@
     }
 
     asprintf(&chainName, "costly_%s", costName);
-    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "-D", chainName, *alertBytes, alertName, alertName);
+    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "", "-D", chainName, *alertBytes, alertName);
     res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
     free(alertQuotaCmd);
     free(chainName);

BandwidthController.h

diff --git a/BandwidthController.h b/BandwidthController.h
index 1aa19e5..2b4cecb 100644
--- a/BandwidthController.h
+++ b/BandwidthController.h
@@ -152,7 +152,6 @@
     static const char *IPT_BASIC_ACCOUNTING_COMMANDS[];
 
     /* Alphabetical */
-    static const char ALERT_IPT_TEMPLATE[];
     static const int  ALERT_RULE_POS_IN_COSTLY_CHAIN;
     static const char ALERT_GLOBAL_NAME[];
     static const char IP6TABLES_PATH[];