From 766f481683688cd692843de451d4e1e48c7b2917 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Dec 04 2013 22:43:20 +0000 Subject: Fix build with -Werror=format-security --- diff --git a/afpfs-ng-0.8.1-formatsec.patch b/afpfs-ng-0.8.1-formatsec.patch new file mode 100644 index 0000000..9f9d0a2 --- /dev/null +++ b/afpfs-ng-0.8.1-formatsec.patch @@ -0,0 +1,160 @@ +From 2c76660566d026d430305231e72c259372de4380 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Wed, 4 Dec 2013 23:17:10 +0100 +Subject: [PATCH] Fix build with -Werror=format-security + +Fedora, starting with version 21, will enable this flag in order to limit +potentially insecure uses of format strings. It is required for format strings +to be constant now. +--- + cmdline/cmdline_afp.c | 4 ++-- + cmdline/cmdline_testafp.c | 12 ++++++------ + fuse/client.c | 5 +---- + fuse/commands.c | 4 ++-- + lib/afp_url.c | 12 ++++++------ + 5 files changed, 17 insertions(+), 20 deletions(-) + +diff --git a/cmdline/cmdline_afp.c b/cmdline/cmdline_afp.c +index 827150b..59f0977 100644 +--- a/cmdline/cmdline_afp.c ++++ b/cmdline/cmdline_afp.c +@@ -828,11 +828,11 @@ int com_status(char * arg) + char text[40960]; + + afp_status_header(text,&len); +- printf(text); ++ puts(text); + + len=40960; + afp_status_server(server,text,&len); +- printf(text); ++ puts(text); + return 0; + } + +diff --git a/cmdline/cmdline_testafp.c b/cmdline/cmdline_testafp.c +index c40f2bd..f887aec 100644 +--- a/cmdline/cmdline_testafp.c ++++ b/cmdline/cmdline_testafp.c +@@ -26,12 +26,12 @@ static int test_one_url(char * url_string, + struct afp_url valid_url; + afp_default_url(&valid_url); + valid_url.protocol=protocol; +- sprintf(valid_url.servername,servername); +- sprintf(valid_url.volumename,volumename); +- sprintf(valid_url.path,path); +- sprintf(valid_url.username,username); +- sprintf(valid_url.password,password); +- sprintf(valid_url.uamname,uamname); ++ strncpy(valid_url.servername,servername,sizeof(valid_url.servername)); ++ strncpy(valid_url.volumename,volumename,sizeof(valid_url.volumename)); ++ strncpy(valid_url.path,path,sizeof(valid_url.path)); ++ strncpy(valid_url.username,username,sizeof(valid_url.username)); ++ strncpy(valid_url.password,password,sizeof(valid_url.password)); ++ strncpy(valid_url.uamname,uamname,sizeof(valid_url.uamname)); + valid_url.port=port; + + if (afp_url_validate(url_string,&valid_url)) +diff --git a/fuse/client.c b/fuse/client.c +index f795ca6..d19e9ef 100644 +--- a/fuse/client.c ++++ b/fuse/client.c +@@ -509,7 +509,6 @@ static int prepare_buffer(int argc, char * argv[]) + int read_answer(int sock) { + int len=0, expected_len=0, packetlen; + char incoming_buffer[MAX_CLIENT_RESPONSE]; +- char toprint[MAX_CLIENT_RESPONSE+200]; + struct timeval tv; + fd_set rds,ords; + int ret; +@@ -546,9 +545,7 @@ int read_answer(int sock) { + } + + done: +- memset(toprint,0,MAX_CLIENT_RESPONSE+200); +- snprintf(toprint,MAX_CLIENT_RESPONSE+200,"%s",incoming_buffer+sizeof(*answer)); +- printf(toprint); ++ printf("%.200s",incoming_buffer+sizeof(*answer)); + return ((struct afp_server_response *) incoming_buffer)->result; + + return 0; +diff --git a/fuse/commands.c b/fuse/commands.c +index aa7444d..bb06928 100644 +--- a/fuse/commands.c ++++ b/fuse/commands.c +@@ -163,7 +163,7 @@ static void fuse_log_for_client(void * priv, + + if (c) { + len = strlen(c->client_string); +- snprintf(c->client_string+len, ++ strncat(c->client_string+len, + MAX_CLIENT_RESPONSE-len, + message); + } else { +@@ -468,7 +468,7 @@ static int process_mount(struct fuse_client * c) + volume->mapping=req->map; + afp_detect_mapping(volume); + +- snprintf(volume->mountpoint,255,req->mountpoint); ++ strncat(volume->mountpoint,255,req->mountpoint); + + /* Create the new thread and block until we get an answer back */ + { +diff --git a/lib/afp_url.c b/lib/afp_url.c +index 42bac1c..f152d7b 100644 +--- a/lib/afp_url.c ++++ b/lib/afp_url.c +@@ -233,7 +233,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose) + } + } + +- snprintf(url->servername,strlen(p)+1,p); ++ strncat(url->servername,strlen(p)+1,p); + if (check_servername(url->servername)) { + if (verbose) printf("This isn't a valid servername\n"); + return -1; +@@ -263,7 +263,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose) + if ((q=escape_strrchr(p,':',":"))) { + *q='\0'; + q++; +- snprintf(url->password,strlen(q)+1,q); ++ strncat(url->password,strlen(q)+1,q); + if (check_password(url->password)) { + if (verbose) printf("This isn't a valid passwd\n"); + return -1; +@@ -276,7 +276,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose) + if ((q=strstr(p,";AUTH="))) { + *q='\0'; + q+=6; +- snprintf(url->uamname,strlen(q)+1,q); ++ strncat(url->uamname,strlen(q)+1,q); + if (check_uamname(url->uamname)) { + if (verbose) printf("This isn't a valid uamname\n"); + return -1; +@@ -284,7 +284,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose) + } + + if (strlen(p)>0) { +- snprintf(url->username,strlen(p)+1,p); ++ strncat(url->username,strlen(p)+1,p); + if (check_username(url->username)) { + if (verbose) printf("This isn't a valid username\n"); + return -1;; +@@ -304,12 +304,12 @@ parse_secondpart: + *q='\0'; + q++; + } +- snprintf(url->volumename,strlen(p)+1,p); ++ strncat(url->volumename,strlen(p)+1,p); + + + if (q) { + url->path[0]='/'; +- snprintf(url->path+1,strlen(q)+1,q); ++ strncat(url->path+1,strlen(q)+1,q); + } + + done: +-- +1.8.4.2 + diff --git a/afpfs-ng.spec b/afpfs-ng.spec index c59a17e..ba81f6e 100644 --- a/afpfs-ng.spec +++ b/afpfs-ng.spec @@ -5,7 +5,7 @@ Name: afpfs-ng Version: 0.8.1 -Release: 13%{?dist}.3 +Release: 14%{?dist} Summary: Apple Filing Protocol client Group: System Environment/Base @@ -14,6 +14,8 @@ URL: http://alexthepuffin.googlepages.com/home Source0: http://downloads.sourceforge.net/afpfs-ng/%{name}-%{version}.tar.bz2 Patch0: afpfs-ng-0.8.1-overflows.patch Patch1: afpfs-ng-0.8.1-pointer.patch +# Sent by e-mail to Alex deVries +Patch2: afpfs-ng-0.8.1-formatsec.patch %{?!_without_fuse:BuildRequires: fuse-devel} BuildRequires: libgcrypt-devel gmp-devel readline-devel @@ -49,6 +51,7 @@ Library for dynamic linking and header files of afpfs-ng. %setup -q %patch0 -p1 -b .overflows %patch1 -p1 -b .pointer +%patch2 -p1 -b .formatsec %build @@ -103,6 +106,9 @@ cp -p include/* %{buildroot}%{_includedir}/afpfs-ng %changelog +* Wed Dec 04 2013 Lubomir Rintel - 0.8.1-14 +- Fix build with -Werror=format-security + * Thu Oct 24 2013 Lubomir Rintel - 0.8.1-13.3 - Bulk sad and useless attempt at consistent SPEC file formatting