On 08/23/2016 08:49 PM, Michael Orlitzky wrote:
Hopefully the commit message explains... for some background, please see
https://fedoraproject.org/wiki/Format-Security-FAQ.
I guess let's try that again with the patch inlined.
From 1bc9cac45be4bac46f58e325779bdb8c7b7bf502 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@xxxxxxxxxxxx>
Date: Tue, 23 Aug 2016 20:20:15 -0400
Subject: [PATCH 1/1] Fix format-security warnings.
Newer versions of GCC have the ability to warn you (or throw errors)
about insecure format strings. Generally this is due to an omitted
format string in the printf family of functions, and a few of those
issues existed in the code base. They were all fixed by adding a
trivial "%s" format string. The project now builds with
-Werror=format-security.
---
curses/cursesterm.c | 4 ++--
lib5250/sslstream.c | 2 +-
lib5250/telnetstr.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/curses/cursesterm.c b/curses/cursesterm.c
index bf20f05..3032966 100644
--- a/curses/cursesterm.c
+++ b/curses/cursesterm.c
@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, Tn5250Display *display
if(This->data->is_xterm) {
if (This->data->font_132!=NULL) {
if (tn5250_display_width (display)>100)
- printf(This->data->font_132);
+ printf("%s", This->data->font_132);
else
- printf(This->data->font_80);
+ printf("%s", This->data->font_80);
}
printf ("\x1b[8;%d;%dt", tn5250_display_height (display)+1,
tn5250_display_width (display));
diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
index 2f91d1a..7f3009e 100644
--- a/lib5250/sslstream.c
+++ b/lib5250/sslstream.c
@@ -307,7 +307,7 @@ static void ssl_log_SB_buf(unsigned char *buf, int len)
if (!tn5250_logfile)
return;
- fprintf(tn5250_logfile,ssl_getTelOpt(type=*buf++));
+ fprintf(tn5250_logfile,"%s",ssl_getTelOpt(type=*buf++));
switch (c=*buf++) {
case IS:
fputs("<IS>",tn5250_logfile);
diff --git a/lib5250/telnetstr.c b/lib5250/telnetstr.c
index 9ad2624..cf1576f 100644
--- a/lib5250/telnetstr.c
+++ b/lib5250/telnetstr.c
@@ -282,7 +282,7 @@ static void log_SB_buf(unsigned char *buf, int len)
if (!tn5250_logfile)
return;
- fprintf(tn5250_logfile,getTelOpt(type=*buf++));
+ fprintf(tn5250_logfile,"%s",getTelOpt(type=*buf++));
switch (c=*buf++) {
case IS:
fputs("<IS>",tn5250_logfile);
As an Amazon Associate we earn from qualifying purchases.