Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 544388

Summary: net-misc/telnet-bsd fails to compile with format-security
Product: Gentoo Linux Reporter: Uwe Sauter <uwe>
Component: Current packagesAssignee: Marc Schiffbauer <mschiff>
Status: RESOLVED NEEDINFO    
Severity: normal CC: xmw
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: net-misc:telnet-bsd-1.2-r1:20150324-205457.log
obvious format security patch

Description Uwe Sauter 2015-03-24 20:58:38 UTC 
net-misc/telnet-bsd-1.2-r1 fails to compile with CFLAGS="-Werror=format-security"

Reproducible: Always




Portage 2.2.14 (python 3.3.5-final-0, default/linux/amd64/13.0, gcc-4.8.3, glibc-2.20-r2, 3.18.9-gentoo x86_64)
=================================================================
System uname: Linux-3.18.9-gentoo-x86_64-Intel-R-_Xeon-R-_CPU_E3-1245_v3_@_3.40GHz-with-gentoo-2.2
KiB Mem:    15310140 total,  12509040 free
KiB Swap:          0 total,         0 free
Timestamp of tree: Tue, 24 Mar 2015 16:45:01 +0000
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.2_p53
dev-java/java-config:     2.2.0
dev-lang/perl:            5.20.1-r4
dev-lang/python:          2.7.9-r1, 3.3.5-r1, 3.4.1
dev-util/cmake:           2.8.12.2-r1
dev-util/pkgconfig:       0.28-r1
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.13.11
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.69
sys-devel/automake:       1.11.6-r1, 1.12.6, 1.13.4
sys-devel/binutils:       2.24-r3
sys-devel/gcc:            4.8.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4.4
sys-devel/make:           4.1-r1
sys-kernel/linux-headers: 3.18 (virtual/os-headers)
sys-libs/glibc:           2.20-r2
Repositories: gentoo local-overlay
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O1 -pipe -march=native -Werror=format-security"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O1 -pipe -march=native -Werror=format-security"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--autounmask n"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg candy cgroup collision-protect compress-build-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms split-elog splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo"
LANG="de_DE.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j9"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/home/portage/local-overlay"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="7zip X acl acpi aes aio alsa amd64 avx avx2 bash-completion berkdb bluetooth bluray bzip2 cairo caps clang cli consolekit cracklib crypt css cups curl cxx dbus dri dvb dvd dvdread encode exif flac fma3 fontconfig fortran fuse gdbm gif glamor gmp gnuplot gnutls gtk gtk3 iconv icu imagemagick ipv6 jpeg latex lcms ldap libnotify libv4l lm_sensors logrotate lvm lzma matplotlib matroska mime mmap mmx mmxext mng modules multilib ncurses netlink nfs nls nptl nsplugin ntp numa ogg openal opencl opengl openmp oss pam pcap pch pcre pdf png policykit popcnt posix pulseaudio python rdesktop readline rrdtool samba sdl session spice sqlite sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification tcpd theora threads tiff tls truetype udev unicode upnp upower usb v4l vaapi vorbis webgl wxwidgets x264 x265 xattr xcb xcomposite xft xinerama xml xv xvmc zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de en" NGINX_MODULES_HTTP="access" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" QEMU_SOFTMMU_TARGETS="aarch64 arm x86_64" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="intel" XFCE_PLUGINS="logout menu trash" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 1 Uwe Sauter 2015-03-24 20:58:54 UTC 
Created attachment 399668 [details]
net-misc:telnet-bsd-1.2-r1:20150324-205457.log

build log
Comment 2 Michael Weber (RETIRED) gentoo-dev 2015-08-19 09:18:30 UTC 
Created attachment 409420 [details, diff]
obvious format security patch

I'm gonna write up another one, replacing this char* + int construct with an if statement

                        case ENV_VAR:
                            if (pointer[1] == TELQUAL_SEND)
                                goto def_case;
-                           netoprintf("\" VAR " + noquote);
+                           netoprintf("%s", "\" VAR " + noquote);
                            noquote = 2;
                            break;

could be 

                        case ENV_VAR:
                            if (pointer[1] == TELQUAL_SEND)
                                goto def_case;
-                           netoprintf("\" VAR " + noquote);
+                           if (! noquote) netoprintf("%s", "\" ");
+                           netoprintf("%s", "VAR ");
                            noquote = 2;
                            break;
Comment 3 Marc Schiffbauer gentoo-dev 2015-08-19 22:02:47 UTC 
Hi Michael, thanks for the patch! What about the second one? When I apply your first patch it compiles fine for me.. TIA