From 4416edf5127deec1456d5288ea7d10b50597b963 Mon Sep 17 00:00:00 2001
From: Haïkel Guémar <hguemar@fedoraproject.org>
Date: Nov 25 2014 22:42:46 +0000
Subject: Fix mount_afp crash (RHBZ #1165296)


---

diff --git a/afpfs-ng-0.8.1-formatsec.patch b/afpfs-ng-0.8.1-formatsec.patch
index 9f9d0a2..22527b3 100644
--- a/afpfs-ng-0.8.1-formatsec.patch
+++ b/afpfs-ng-0.8.1-formatsec.patch
@@ -23,12 +23,12 @@ index 827150b..59f0977 100644
  
  	afp_status_header(text,&len);
 -	printf(text);
-+	puts(text);
++	printf("%s", text);
  
  	len=40960;
  	afp_status_server(server,text,&len);
 -	printf(text);
-+	puts(text);
++	printf("%s", text);
  	return 0;
  }
  
@@ -46,12 +46,12 @@ index c40f2bd..f887aec 100644
 -	sprintf(valid_url.username,username);
 -	sprintf(valid_url.password,password);
 -	sprintf(valid_url.uamname,uamname);
-+	strncpy(valid_url.servername,servername,sizeof(valid_url.servername));
-+	strncpy(valid_url.volumename,volumename,sizeof(valid_url.volumename));
-+	strncpy(valid_url.path,path,sizeof(valid_url.path));
-+	strncpy(valid_url.username,username,sizeof(valid_url.username));
-+	strncpy(valid_url.password,password,sizeof(valid_url.password));
-+	strncpy(valid_url.uamname,uamname,sizeof(valid_url.uamname));
++	snprintf(valid_url.servername,sizeof(valid_url.servername),"%s",servername);
++	snprintf(valid_url.volumename,sizeof(valid_url.volumename),"%s",volumename);
++	snprintf(valid_url.path,sizeof(valid_url.path),"%s",path);
++	snprintf(valid_url.username,sizeof(valid_url.username),"%s",username);
++	snprintf(valid_url.password,sizeof(valid_url.password),"%s",password);
++	snprintf(valid_url.uamname,(valid_url.uamname),"%s",uamname);
  	valid_url.port=port;
  
  	if (afp_url_validate(url_string,&valid_url)) 
@@ -82,21 +82,20 @@ diff --git a/fuse/commands.c b/fuse/commands.c
 index aa7444d..bb06928 100644
 --- a/fuse/commands.c
 +++ b/fuse/commands.c
-@@ -163,7 +163,7 @@ static void fuse_log_for_client(void * priv,
- 
- 	if (c) {
+@@ -163,6 +163,7 @@ static void fuse_log_for_client(void * priv,
  		len = strlen(c->client_string);
--		snprintf(c->client_string+len,
-+		strncat(c->client_string+len,
+ 		snprintf(c->client_string+len,
  			MAX_CLIENT_RESPONSE-len,
++			"%s",
  			message);
  	} else {
+ 
 @@ -468,7 +468,7 @@ static int process_mount(struct fuse_client * c)
  	volume->mapping=req->map;
  	afp_detect_mapping(volume);
  
 -	snprintf(volume->mountpoint,255,req->mountpoint);
-+	strncat(volume->mountpoint,255,req->mountpoint);
++	snprintf(volume->mountpoint,255,"%s",req->mountpoint);
  
  	/* Create the new thread and block until we get an answer back */
  	{
@@ -109,7 +108,7 @@ index 42bac1c..f152d7b 100644
  	}
  
 -	snprintf(url->servername,strlen(p)+1,p);
-+	strncat(url->servername,strlen(p)+1,p);
++	snprintf(url->servername,strlen(p)+1,"%s",p);
  	if (check_servername(url->servername)) {
  			if (verbose) printf("This isn't a valid servername\n");
  			return -1;
@@ -118,7 +117,7 @@ index 42bac1c..f152d7b 100644
  		*q='\0';
  		q++;
 -		snprintf(url->password,strlen(q)+1,q);
-+		strncat(url->password,strlen(q)+1,q);
++		snprintf(url->password,strlen(q)+1,"%s",q);
  		if (check_password(url->password)) {
  			if (verbose) printf("This isn't a valid passwd\n");
  			return -1;
@@ -127,7 +126,7 @@ index 42bac1c..f152d7b 100644
  		*q='\0';
  		q+=6;
 -		snprintf(url->uamname,strlen(q)+1,q);
-+		strncat(url->uamname,strlen(q)+1,q);
++		snprintf(url->uamname,strlen(q)+1,"%s",q);
  		if (check_uamname(url->uamname)) {
  			if (verbose) printf("This isn't a valid uamname\n");
  			return -1;
@@ -136,7 +135,7 @@ index 42bac1c..f152d7b 100644
  
  	if (strlen(p)>0) {
 -		snprintf(url->username,strlen(p)+1,p);
-+		strncat(url->username,strlen(p)+1,p);
++		snprintf(url->username,strlen(p)+1,"%s",p);
  		if (check_username(url->username)) {
  			if (verbose) printf("This isn't a valid username\n");
  			return -1;;
@@ -145,13 +144,13 @@ index 42bac1c..f152d7b 100644
  		q++;
  	}
 -	snprintf(url->volumename,strlen(p)+1,p);
-+	strncat(url->volumename,strlen(p)+1,p);
++	snprintf(url->volumename,strlen(p)+1,"%s",p);
  
  
  	if (q) {
  		url->path[0]='/';
 -		snprintf(url->path+1,strlen(q)+1,q);
-+		strncat(url->path+1,strlen(q)+1,q);
++		snprintf(url->path+1,strlen(q)+1,"%s",q);
  	}
  
  done:
diff --git a/afpfs-ng.spec b/afpfs-ng.spec
index dc5e37d..1ec541c 100644
--- a/afpfs-ng.spec
+++ b/afpfs-ng.spec
@@ -5,7 +5,7 @@
 
 Name:           afpfs-ng
 Version:        0.8.1
-Release:        17%{?dist}
+Release:        18%{?dist}
 Summary:        Apple Filing Protocol client
 
 Group:          System Environment/Base
@@ -106,6 +106,9 @@ cp -p include/* %{buildroot}%{_includedir}/afpfs-ng
 
 
 %changelog
+* Tue Nov 25 2014 <hguemar@fedoraproject.org> - 0.8.1-18
+- Fix mount_afp crash (RHBZ #1165296)
+
 * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.1-17
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild