-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfix-glibc-gets.patch
80 lines (73 loc) · 3.12 KB
/
fix-glibc-gets.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
>From 66712c23388e93e5c518ebc8515140fa0c807348 Mon Sep 17 00:00:00 2001
From: Eric Blake <address@hidden>
Date: Thu, 29 Mar 2012 13:30:41 -0600
Subject: [PATCH] stdio: don't assume gets any more
Gnulib intentionally does not have a gets module, and now that C11
and glibc have dropped it, we should be more proactive about warning
any user on a platform that still has a declaration of this dangerous
interface.
---
lib/stdio.in.h | 12 +++++++-----
m4/stdio_h.m4 | 4 ++--
m4/warn-on-use.m4 | 4 ++--
3 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/lib/stdio.in.h b/lib/stdio.in.h
index 57e93ba..6ab9c8b 100644
--- a/lib/stdio.in.h
+++ b/lib/stdio.in.h
@@ -176,10 +176,12 @@ _GL_WARN_ON_USE (fflush, "fflush is not always POSIX compliant - "
#endif
/* It is very rare that the developer ever has full control of stdin,
- so any use of gets warrants an unconditional warning. Assume it is
- always declared, since it is required by C89. */
+ so any use of gets warrants an unconditional warning; besides, C11
+ removed it. */
#undef gets
+#if HAVE_RAW_DECL_GETS
_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
#if @GNULIB_FOPEN@
# if @REPLACE_FOPEN@
@@ -902,9 +904,9 @@ _GL_WARN_ON_USE (snprintf, "snprintf is unportable - "
# endif
#endif
-/* Some people would argue that sprintf should be handled like gets
- (for example, OpenBSD issues a link warning for both functions),
- since both can cause security holes due to buffer overruns.
+/* Some people would argue that all sprintf uses should be warned about
+ (for example, OpenBSD issues a link warning for it),
+ since it can cause security holes due to buffer overruns.
However, we believe that sprintf can be used safely, and is more
efficient than snprintf in those safe cases; and as proof of our
belief, we use sprintf in several gnulib modules. So this header
diff --git a/m4/stdio_h.m4 b/m4/stdio_h.m4
index 7f3ae56..990c616 100644
--- a/m4/stdio_h.m4
+++ b/m4/stdio_h.m4
@@ -34,9 +34,9 @@ AC_DEFUN([gl_STDIO_H],
dnl Check for declarations of anything we want to poison if the
dnl corresponding gnulib module is not in use, and which is not
- dnl guaranteed by C89.
+ dnl guaranteed by both C89 and C11.
gl_WARN_ON_USE_PREPARE([[#include <stdio.h>
- ]], [dprintf fpurge fseeko ftello getdelim getline popen renameat
+ ]], [dprintf fpurge fseeko ftello getdelim getline gets popen renameat
snprintf tmpfile vdprintf vsnprintf])
])
diff --git a/m4/warn-on-use.m4 b/m4/warn-on-use.m4
index e0d0f27..4b07efb 100644
--- a/m4/warn-on-use.m4
+++ b/m4/warn-on-use.m4
@@ -18,8 +18,8 @@ dnl with or without modifications, as long as this notice is preserved.
# some systems declare functions in the wrong header, then INCLUDES
# should do likewise.
#
-# If you assume C89, then it is generally safe to assume declarations
-# for functions declared in that standard (such as gets) without
+# It is generally safe to assume declarations for functions declared
+# in the intersection of C89 and C11 (such as printf) without
# needing gl_WARN_ON_USE_PREPARE.
AC_DEFUN([gl_WARN_ON_USE_PREPARE],
[
--
1.7.11.2