[afpfs-ng] Fix build with -Werror=format-security
Lubomir Rintel
lkundrak at fedoraproject.org
Wed Dec 4 22:43:24 UTC 2013
commit 766f481683688cd692843de451d4e1e48c7b2917
Author: Lubomir Rintel <lkundrak at v3.sk>
Date: Wed Dec 4 23:43:20 2013 +0100
Fix build with -Werror=format-security
afpfs-ng-0.8.1-formatsec.patch | 160 ++++++++++++++++++++++++++++++++++++++++
afpfs-ng.spec | 8 ++-
2 files changed, 167 insertions(+), 1 deletions(-)
---
diff --git a/afpfs-ng-0.8.1-formatsec.patch b/afpfs-ng-0.8.1-formatsec.patch
new file mode 100644
index 0000000..9f9d0a2
--- /dev/null
+++ b/afpfs-ng-0.8.1-formatsec.patch
@@ -0,0 +1,160 @@
+From 2c76660566d026d430305231e72c259372de4380 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak at v3.sk>
+Date: Wed, 4 Dec 2013 23:17:10 +0100
+Subject: [PATCH] Fix build with -Werror=format-security
+
+Fedora, starting with version 21, will enable this flag in order to limit
+potentially insecure uses of format strings. It is required for format strings
+to be constant now.
+---
+ cmdline/cmdline_afp.c | 4 ++--
+ cmdline/cmdline_testafp.c | 12 ++++++------
+ fuse/client.c | 5 +----
+ fuse/commands.c | 4 ++--
+ lib/afp_url.c | 12 ++++++------
+ 5 files changed, 17 insertions(+), 20 deletions(-)
+
+diff --git a/cmdline/cmdline_afp.c b/cmdline/cmdline_afp.c
+index 827150b..59f0977 100644
+--- a/cmdline/cmdline_afp.c
++++ b/cmdline/cmdline_afp.c
+@@ -828,11 +828,11 @@ int com_status(char * arg)
+ char text[40960];
+
+ afp_status_header(text,&len);
+- printf(text);
++ puts(text);
+
+ len=40960;
+ afp_status_server(server,text,&len);
+- printf(text);
++ puts(text);
+ return 0;
+ }
+
+diff --git a/cmdline/cmdline_testafp.c b/cmdline/cmdline_testafp.c
+index c40f2bd..f887aec 100644
+--- a/cmdline/cmdline_testafp.c
++++ b/cmdline/cmdline_testafp.c
+@@ -26,12 +26,12 @@ static int test_one_url(char * url_string,
+ struct afp_url valid_url;
+ afp_default_url(&valid_url);
+ valid_url.protocol=protocol;
+- sprintf(valid_url.servername,servername);
+- sprintf(valid_url.volumename,volumename);
+- sprintf(valid_url.path,path);
+- sprintf(valid_url.username,username);
+- sprintf(valid_url.password,password);
+- sprintf(valid_url.uamname,uamname);
++ strncpy(valid_url.servername,servername,sizeof(valid_url.servername));
++ strncpy(valid_url.volumename,volumename,sizeof(valid_url.volumename));
++ strncpy(valid_url.path,path,sizeof(valid_url.path));
++ strncpy(valid_url.username,username,sizeof(valid_url.username));
++ strncpy(valid_url.password,password,sizeof(valid_url.password));
++ strncpy(valid_url.uamname,uamname,sizeof(valid_url.uamname));
+ valid_url.port=port;
+
+ if (afp_url_validate(url_string,&valid_url))
+diff --git a/fuse/client.c b/fuse/client.c
+index f795ca6..d19e9ef 100644
+--- a/fuse/client.c
++++ b/fuse/client.c
+@@ -509,7 +509,6 @@ static int prepare_buffer(int argc, char * argv[])
+ int read_answer(int sock) {
+ int len=0, expected_len=0, packetlen;
+ char incoming_buffer[MAX_CLIENT_RESPONSE];
+- char toprint[MAX_CLIENT_RESPONSE+200];
+ struct timeval tv;
+ fd_set rds,ords;
+ int ret;
+@@ -546,9 +545,7 @@ int read_answer(int sock) {
+ }
+
+ done:
+- memset(toprint,0,MAX_CLIENT_RESPONSE+200);
+- snprintf(toprint,MAX_CLIENT_RESPONSE+200,"%s",incoming_buffer+sizeof(*answer));
+- printf(toprint);
++ printf("%.200s",incoming_buffer+sizeof(*answer));
+ return ((struct afp_server_response *) incoming_buffer)->result;
+
+ return 0;
+diff --git a/fuse/commands.c b/fuse/commands.c
+index aa7444d..bb06928 100644
+--- a/fuse/commands.c
++++ b/fuse/commands.c
+@@ -163,7 +163,7 @@ static void fuse_log_for_client(void * priv,
+
+ if (c) {
+ len = strlen(c->client_string);
+- snprintf(c->client_string+len,
++ strncat(c->client_string+len,
+ MAX_CLIENT_RESPONSE-len,
+ message);
+ } else {
+@@ -468,7 +468,7 @@ static int process_mount(struct fuse_client * c)
+ volume->mapping=req->map;
+ afp_detect_mapping(volume);
+
+- snprintf(volume->mountpoint,255,req->mountpoint);
++ strncat(volume->mountpoint,255,req->mountpoint);
+
+ /* Create the new thread and block until we get an answer back */
+ {
+diff --git a/lib/afp_url.c b/lib/afp_url.c
+index 42bac1c..f152d7b 100644
+--- a/lib/afp_url.c
++++ b/lib/afp_url.c
+@@ -233,7 +233,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose)
+ }
+ }
+
+- snprintf(url->servername,strlen(p)+1,p);
++ strncat(url->servername,strlen(p)+1,p);
+ if (check_servername(url->servername)) {
+ if (verbose) printf("This isn't a valid servername\n");
+ return -1;
+@@ -263,7 +263,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose)
+ if ((q=escape_strrchr(p,':',":"))) {
+ *q='\0';
+ q++;
+- snprintf(url->password,strlen(q)+1,q);
++ strncat(url->password,strlen(q)+1,q);
+ if (check_password(url->password)) {
+ if (verbose) printf("This isn't a valid passwd\n");
+ return -1;
+@@ -276,7 +276,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose)
+ if ((q=strstr(p,";AUTH="))) {
+ *q='\0';
+ q+=6;
+- snprintf(url->uamname,strlen(q)+1,q);
++ strncat(url->uamname,strlen(q)+1,q);
+ if (check_uamname(url->uamname)) {
+ if (verbose) printf("This isn't a valid uamname\n");
+ return -1;
+@@ -284,7 +284,7 @@ int afp_parse_url(struct afp_url * url, const char * toparse, int verbose)
+ }
+
+ if (strlen(p)>0) {
+- snprintf(url->username,strlen(p)+1,p);
++ strncat(url->username,strlen(p)+1,p);
+ if (check_username(url->username)) {
+ if (verbose) printf("This isn't a valid username\n");
+ return -1;;
+@@ -304,12 +304,12 @@ parse_secondpart:
+ *q='\0';
+ q++;
+ }
+- snprintf(url->volumename,strlen(p)+1,p);
++ strncat(url->volumename,strlen(p)+1,p);
+
+
+ if (q) {
+ url->path[0]='/';
+- snprintf(url->path+1,strlen(q)+1,q);
++ strncat(url->path+1,strlen(q)+1,q);
+ }
+
+ done:
+--
+1.8.4.2
+
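Review bot: The `strncat` replacements in fuse/commands.c and lib/afp_url.c pass the size as the second argument and the source string as the third, but `strncat` takes (dest, src, n), so calls such as `strncat(volume->mountpoint,255,req->mountpoint)` treat the integer 255 as the source pointer and the pointer as the length. Even with the arguments in order, `strncat` appends to whatever the destination already holds instead of overwriting it; keeping `snprintf` and adding a literal format satisfies -Werror=format-security without changing behaviour, e.g. `snprintf(volume->mountpoint,255,"%s",req->mountpoint);` and `snprintf(url->servername,strlen(p)+1,"%s",p);`. The same form fits the copies in cmdline_testafp.c, where `strncpy(..., sizeof(...))` leaves the field without a terminating NUL when the source fills it. In `com_status`, `puts(text)` appends a newline that `printf(text)` did not, whereas `fputs(text,stdout)` keeps the output identical. The enclosing functions continue outside these hunks and the field sizes in lib/afp_url.c are not visible here, so the `strlen(p)+1` bound carried over from the original still needs checking against each destination's size.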
diff --git a/afpfs-ng.spec b/afpfs-ng.spec
index c59a17e..ba81f6e 100644
--- a/afpfs-ng.spec
+++ b/afpfs-ng.spec
@@ -5,7 +5,7 @@
Name: afpfs-ng
Version: 0.8.1
-Release: 13%{?dist}.3
+Release: 14%{?dist}
Summary: Apple Filing Protocol client
Group: System Environment/Base
@@ -14,6 +14,8 @@ URL: http://alexthepuffin.googlepages.com/home
Source0: http://downloads.sourceforge.net/afpfs-ng/%{name}-%{version}.tar.bz2
Patch0: afpfs-ng-0.8.1-overflows.patch
Patch1: afpfs-ng-0.8.1-pointer.patch
+# Sent by e-mail to Alex deVries <alexthepuffin at gmail.com>
+Patch2: afpfs-ng-0.8.1-formatsec.patch
%{?!_without_fuse:BuildRequires: fuse-devel}
BuildRequires: libgcrypt-devel gmp-devel readline-devel
@@ -49,6 +51,7 @@ Library for dynamic linking and header files of afpfs-ng.
%setup -q
%patch0 -p1 -b .overflows
%patch1 -p1 -b .pointer
+%patch2 -p1 -b .formatsec
%build
@@ -103,6 +106,9 @@ cp -p include/* %{buildroot}%{_includedir}/afpfs-ng
%changelog
+* Wed Dec 04 2013 Lubomir Rintel <lkundrak at v3.sk> - 0.8.1-14
+- Fix build with -Werror=format-security
+
* Thu Oct 24 2013 Lubomir Rintel <lkundrak at v3.sk> - 0.8.1-13.3
- Bulk sad and useless attempt at consistent SPEC file formatting