× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



On 08/23/2016 08:49 PM, Michael Orlitzky wrote:
Hopefully the commit message explains... for some background, please see
https://fedoraproject.org/wiki/Format-Security-FAQ.


I guess let's try that again with the patch inlined.


From 1bc9cac45be4bac46f58e325779bdb8c7b7bf502 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@xxxxxxxxxxxx>
Date: Tue, 23 Aug 2016 20:20:15 -0400
Subject: [PATCH 1/1] Fix format-security warnings.

Newer versions of GCC have the ability to warn you (or throw errors)
about insecure format strings. Generally this is due to an omitted
format string in the printf family of functions, and a few of those
issues existed in the code base. They were all fixed by adding a
trivial "%s" format string. The project now builds with
-Werror=format-security.
---
curses/cursesterm.c | 4 ++--
lib5250/sslstream.c | 2 +-
lib5250/telnetstr.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/curses/cursesterm.c b/curses/cursesterm.c
index bf20f05..3032966 100644
--- a/curses/cursesterm.c
+++ b/curses/cursesterm.c
@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, Tn5250Display *display
if(This->data->is_xterm) {
if (This->data->font_132!=NULL) {
if (tn5250_display_width (display)>100)
- printf(This->data->font_132);
+ printf("%s", This->data->font_132);
else
- printf(This->data->font_80);
+ printf("%s", This->data->font_80);
}
printf ("\x1b[8;%d;%dt", tn5250_display_height (display)+1,
tn5250_display_width (display));
diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
index 2f91d1a..7f3009e 100644
--- a/lib5250/sslstream.c
+++ b/lib5250/sslstream.c
@@ -307,7 +307,7 @@ static void ssl_log_SB_buf(unsigned char *buf, int len)

if (!tn5250_logfile)
return;
- fprintf(tn5250_logfile,ssl_getTelOpt(type=*buf++));
+ fprintf(tn5250_logfile,"%s",ssl_getTelOpt(type=*buf++));
switch (c=*buf++) {
case IS:
fputs("<IS>",tn5250_logfile);
diff --git a/lib5250/telnetstr.c b/lib5250/telnetstr.c
index 9ad2624..cf1576f 100644
--- a/lib5250/telnetstr.c
+++ b/lib5250/telnetstr.c
@@ -282,7 +282,7 @@ static void log_SB_buf(unsigned char *buf, int len)

if (!tn5250_logfile)
return;
- fprintf(tn5250_logfile,getTelOpt(type=*buf++));
+ fprintf(tn5250_logfile,"%s",getTelOpt(type=*buf++));
switch (c=*buf++) {
case IS:
fputs("<IS>",tn5250_logfile);

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.