[lttng-dev] [lttng-tools PATCH] Add a git version information in LTTng versions compiled from git sources

David Goulet dgoulet at efficios.com
Mon Mar 25 10:30:18 EDT 2013 

Hi,

Two things. First, the version.h.tmpl has to be added to EXTRA_DIST in
include/Makefile.am

Second thing, on line 86 of lttng.c, *never* *never* *never* pass a
variable to printf without a format.

fprintf(ofp, lttng_version);

This is a huge vector attack to format strings. Furthermore, outside of
the git tree, there is a warning:

lttng.c:86:2: warning: zero-length gnu_printf format string
[-Wformat-zero-length]

Thanks!
David

Raphaël Beamonte:
> Signed-off-by: Raphaël Beamonte <raphael.beamonte at gmail.com>
> ---
>  .gitignore                              |    2 ++
>  Makefile.am                             |    4 +--
>  include/Makefile.am                     |   45 ++++++++++++++++++++++++++++++-
>  include/version.h.tmpl                  |   27 +++++++++++++++++++
>  src/bin/lttng-sessiond/lttng-sessiond.h |   14 ++++++++++
>  src/bin/lttng-sessiond/main.c           |    2 +-
>  src/bin/lttng/commands/version.c        |    4 ++-
>  src/bin/lttng/lttng.c                   |    5 +++-
>  src/bin/lttng/utils.h                   |   13 +++++++++
>  9 files changed, 110 insertions(+), 6 deletions(-)
>  create mode 100644 include/version.h.tmpl
> 
> diff --git a/.gitignore b/.gitignore
> index ac72bf4..a36f0b9 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -31,6 +31,8 @@ config/
>  !config/epoll.m4
>  !config/config_feature.m4
>  
> +include/version.h
> +
>  src/bin/lttng-sessiond/lttng-sessiond
>  src/bin/lttng/lttng
>  src/bin/lttng-consumerd/lttng-consumerd
> diff --git a/Makefile.am b/Makefile.am
> index b0537ce..03fdabc 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -1,9 +1,9 @@
>  ACLOCAL_AMFLAGS = -I config
>  
> -SUBDIRS = src \
> +SUBDIRS = include \
> +		  src \
>  		  tests \
>  		  extras \
> -		  include \
>  		  doc
>  
>  dist_doc_DATA = LICENSE \
> diff --git a/include/Makefile.am b/include/Makefile.am
> index 0bcb6f9..fce6276 100644
> --- a/include/Makefile.am
> +++ b/include/Makefile.am
> @@ -1 +1,44 @@
> -lttnginclude_HEADERS = lttng/lttng.h lttng/lttng-error.h
> +## The version.h file must be verified and generated or updated if the
> +## git commit id (called git version here) changed since the last build
> +## of lttng-tools.
> +version.h: version.h.tmpl
> +	## We first create variables for the current git version and
> +	## the locations of the version.h and version.h.tmpl files
> +	(git_version="$$(git describe --long --all 2>/dev/null)"; \
> +	version_h_tmpl="$(top_builddir)/include/version.h.tmpl"; \
> +	version_h="$(top_builddir)/include/version.h"; \
> +	## If the version.h file doesn't exist or is not up to date,
> +	## We replace it by the version.h.tmpl file
> +	if [ ! -e "$${version_h}" ] || \
> +		[ "$${version_h_tmpl}" -nt "$${version_h}" ]; then \
> +		cp "$${version_h_tmpl}" "$${version_h}"; \
> +	fi; \
> +	if [ -z "$${git_version}" ]; then \
> +		## If we don't have a git version, we verify that there is
> +		## not any define of GIT_VERSION in the version.h file, or
> +		## we remove it.
> +		if [ $$(grep -c "^#define GIT_VERSION" "$${version_h}") -gt 0 ]; then \
> +			sed -i "/^#define GIT_VERSION/d" "$${version_h}"; \
> +		fi; \
> +	else \
> +		## If we have a git version, we verify that it isn't the same
> +		## as the one currently in the file (if there is one), as we
> +		## don't want to update the file if it is already up to date
> +		if [ $$(grep -cE "^#define GIT_VERSION \"?$${git_version}\"?$$" "$${version_h}") -eq 0 ]; then \
> +			if [ $$(grep -c "^#define GIT_VERSION" "$${version_h}") -gt 0 ]; then \
> +				## If there is already a GIT_VERSION defined,
> +				## we just replace it by the new version
> +				sed -i "s'^#define GIT_VERSION.*$$'#define GIT_VERSION \"$${git_version}\"'" "$${version_h}"; \
> +			else \
> +				## Else, we add a GIT_VERSION define
> +				## containing our new version.
> +				sed -i "s'^\(#define VERSION_H.*\)$$'\1\n\n#define GIT_VERSION \"$${git_version}\"'" "$${version_h}"; \
> +			fi; \
> +		fi; \
> +	fi)
> +
> +## version.h is defined as a .PHONY file even if it's a real file as
> +## we want our routine to be runned for each build.
> +.PHONY: version.h
> +
> +lttnginclude_HEADERS = lttng/lttng.h lttng/lttng-error.h version.h
> diff --git a/include/version.h.tmpl b/include/version.h.tmpl
> new file mode 100644
> index 0000000..c42789c
> --- /dev/null
> +++ b/include/version.h.tmpl
> @@ -0,0 +1,27 @@
> +/*
> + * version.h
> + *
> + * Linux Trace Toolkit version header file
> + *
> + * Copyright (C) 2013 - Raphaël Beamonte <raphael.beamonte at gmail.com>
> + *
> + * This library is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU Lesser General Public License, version 2.1 only,
> + * as published by the Free Software Foundation.
> + *
> + * This library is distributed in the hope that it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
> + * for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this library; if not, write to the Free Software Foundation,
> + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> + */
> +
> +#ifndef VERSION_H
> +#define VERSION_H
> +
> +#define GIT_VERSION
> +
> +#endif /* VERSION_H */
> diff --git a/src/bin/lttng-sessiond/lttng-sessiond.h b/src/bin/lttng-sessiond/lttng-sessiond.h
> index 9258f38..e91918a 100644
> --- a/src/bin/lttng-sessiond/lttng-sessiond.h
> +++ b/src/bin/lttng-sessiond/lttng-sessiond.h
> @@ -1,5 +1,6 @@
>  /*
>   * Copyright (C) 2011 - David Goulet <david.goulet at polymtl.ca>
> + * Copyright (C) 2013 - Raphaël Beamonte <raphael.beamonte at gmail.com>
>   *
>   * This program is free software; you can redistribute it and/or modify
>   * it under the terms of the GNU General Public License, version 2 only,
> @@ -28,6 +29,8 @@
>  
>  #include "session.h"
>  #include "ust-app.h"
> +#include "version.h"
> +
>  
>  extern const char default_home_dir[],
>  	default_tracing_group[],
> @@ -74,4 +77,15 @@ extern int apps_cmd_notify_pipe[2];
>  int sessiond_set_thread_pollset(struct lttng_poll_event *events, size_t size);
>  int sessiond_check_thread_quit_pipe(int fd, uint32_t events);
>  
> +/*
> + * This static const char allows to return the version number depending
> + * whether or not the GIT_VERSION value is available
> + */
> +#ifdef GIT_VERSION
> +static const char lttng_sessiond_version[] = VERSION " (Git: " GIT_VERSION ")";
> +#else /* GIT_VERSION */
> +static const char lttng_sessiond_version[] = VERSION;
> +#endif /* GIT_VERSION */
> +
> +
>  #endif /* _LTT_SESSIOND_H */
> diff --git a/src/bin/lttng-sessiond/main.c b/src/bin/lttng-sessiond/main.c
> index d88bafe..41701e9 100644
> --- a/src/bin/lttng-sessiond/main.c
> +++ b/src/bin/lttng-sessiond/main.c
> @@ -3555,7 +3555,7 @@ static int parse_args(int argc, char **argv)
>  			usage();
>  			exit(EXIT_FAILURE);
>  		case 'V':
> -			fprintf(stdout, "%s\n", VERSION);
> +			fprintf(stdout, "%s\n", lttng_sessiond_version);
>  			exit(EXIT_SUCCESS);
>  		case 'S':
>  			opt_sig_parent = 1;
> diff --git a/src/bin/lttng/commands/version.c b/src/bin/lttng/commands/version.c
> index 7f69de3..2170d00 100644
> --- a/src/bin/lttng/commands/version.c
> +++ b/src/bin/lttng/commands/version.c
> @@ -26,6 +26,7 @@
>  #include <config.h>
>  
>  #include "../command.h"
> +#include "../utils.h"
>  
>  enum {
>  	OPT_HELP = 1,
> @@ -79,7 +80,8 @@ int cmd_version(int argc, const char **argv)
>  	}
>  
>  	MSG("lttng version " VERSION " - " VERSION_NAME);
> -	MSG("\n" VERSION_DESCRIPTION "\n");
> +	MSG("%s", lttng_version);
> +	MSG(VERSION_DESCRIPTION "\n");
>  	MSG("Web site: http://lttng.org");
>  	MSG("\nlttng is free software and under the GPL license and part LGPL");
>  
> diff --git a/src/bin/lttng/lttng.c b/src/bin/lttng/lttng.c
> index d3aaa84..4289901 100644
> --- a/src/bin/lttng/lttng.c
> +++ b/src/bin/lttng/lttng.c
> @@ -31,6 +31,7 @@
>  #include <common/error.h>
>  
>  #include "command.h"
> +#include "utils.h"
>  
>  /* Variables */
>  static char *progname;
> @@ -81,7 +82,9 @@ static struct cmd_struct commands[] =  {
>  
>  static void usage(FILE *ofp)
>  {
> -	fprintf(ofp, "LTTng Trace Control " VERSION" - " VERSION_NAME"\n\n");
> +	fprintf(ofp, "LTTng Trace Control " VERSION " - " VERSION_NAME "\n");
> +	fprintf(ofp, lttng_version);
> +	fprintf(ofp, "\n");
>  	fprintf(ofp, "usage: lttng [OPTIONS] <COMMAND> [<ARGS>]\n");
>  	fprintf(ofp, "\n");
>  	fprintf(ofp, "Options:\n");
> diff --git a/src/bin/lttng/utils.h b/src/bin/lttng/utils.h
> index 9f7bfcc..12ee7c0 100644
> --- a/src/bin/lttng/utils.h
> +++ b/src/bin/lttng/utils.h
> @@ -1,5 +1,6 @@
>  /*
>   * Copyright (C) 2011 - David Goulet <david.goulet at polymtl.ca>
> + * Copyright (C) 2013 - Raphaël Beamonte <raphael.beamonte at gmail.com>
>   *
>   * This program is free software; you can redistribute it and/or modify
>   * it under the terms of the GNU General Public License, version 2 only,
> @@ -19,8 +20,20 @@
>  #define _LTTNG_UTILS_H
>  
>  #include <popt.h>
> +#include <version.h>
>  
>  char *get_session_name(void);
>  void list_cmd_options(FILE *ofp, struct poptOption *options);
>  
> +/*
> + * This static const char allows to return the version number depending
> + * whether or not the GIT_VERSION value is available
> + */
> +#ifdef GIT_VERSION
> +static const char lttng_version[] = "Git version: " GIT_VERSION "\n";
> +#else /* GIT_VERSION */
> +static const char lttng_version[] = "";
> +#endif /* GIT_VERSION */
> +
> +
>  #endif /* _LTTNG_UTILS_H */

More information about the lttng-dev mailing list