../../opt/lib/csrand.c:70:27: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
70 | fprintf(log_get_logfd(), _("Unable to obtain random bytes.\n"));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I've been wondering for a long time why we haven't seen errors from this. Now I've seen them (by manually disabling some optimizations in my system headers).
So, we're leaving the security of the project entirely to translators, it seems? If a translator were to change a format string to introduce a vulnerability, we might not notice. I propose having some serious refactor to reduce translations to a minimum, and to put them in the variadic part, not as part of the format string. So:
fprintf(log_get_logfd(), "%s\n", _("Unable to obtain random bytes."));

Or even better:

fprinte(log_get_logfd(), "csrand");

Cc: @ikerexxe
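The two points of the issue in working code, as an added example that is not shadow's code: a constructed catalog stands in for gettext's `_()`, the hypothetical `safe_gettext` rejects a translation whose conversion specifiers differ from the msgid's (the kind of check `msgfmt --check-format` does at build time), and `log_translated` keeps the translation in the variadic part so the format string stays a literal.

```c
#include <stdio.h>
#include <string.h>

/* Collect the conversion letters of s into out (NUL-terminated, at most
 * outlen-1 kept). "%%" is a literal percent. Returns the number of
 * conversions, or -1 if a '%' is not followed by a valid conversion. */
static int conversions(const char *s, char *out, size_t outlen)
{
    size_t n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                             /* "%%" */
        while (*p && strchr("-+ #0123456789.*", *p)) p++;    /* flags, width, precision */
        while (*p && strchr("hlLqjzt", *p)) p++;             /* length modifiers */
        if (!*p || !strchr("diouxXeEfFgGaAcspn", *p)) return -1;
        if (n + 1 < outlen) out[n] = *p;
        n++;
    }
    out[n < outlen ? n : outlen - 1] = '\0';
    return (int)n;
}

/* Constructed catalog standing in for gettext's _(): one faithful
 * translation and one where the translator added a conversion. */
static const char *const catalog[][2] = {
    {"Unable to obtain random bytes.", "Impossible d'obtenir des octets aleatoires."},
    {"Read %d bytes.", "Lu %d octets depuis %s."},   /* extra %s: must be rejected */
};

/* Hypothetical safe lookup: returns the translation only if its
 * conversions match the msgid's exactly, else the untranslated msgid. */
const char *safe_gettext(const char *msgid)
{
    char a[32], b[32];
    for (size_t i = 0; i < sizeof catalog / sizeof catalog[0]; i++) {
        if (strcmp(catalog[i][0], msgid) != 0) continue;
        if (conversions(msgid, a, sizeof a) >= 0 &&
            conversions(catalog[i][1], b, sizeof b) >= 0 && strcmp(a, b) == 0)
            return catalog[i][1];
        return msgid;
    }
    return msgid;
}

/* The pattern proposed in the issue: the format is a string literal and
 * the translated text is only ever an argument. Returns bytes written. */
int log_translated(FILE *fp, const char *msgid)
{
    return fprintf(fp, "%s\n", safe_gettext(msgid));
}
```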