sysutils/grub2-bhyve: CURRENT build breaks on "gets" security hole

sysutils/grub2-bhyve: CURRENT build breaks on "gets" security hole

Sérgio Siegrist
Log from Trident build (13-CURRENT):


grub2-bhyve fails to compile with this error:
gcc8 -DHAVE_CONFIG_H -I. -I../.. -I../../intl -MT argp-eexst.o -MD -MP
-MF .deps/argp-eexst.Tpo -c -o argp-eexst.o argp-eexst.c
In file included from argp.h:22,
from argp-eexst.c:25:
./stdio.h:456:1: error: 'gets' undeclared here (not in a function); did
you mean 'getw'?
_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
^~~~~~~~~~~~~~~
gmake[5]: *** [Makefile:1030: argp-eexst.o] Error 1


I suppose replacing 'gets' with 'fgets' should fix it.

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to "[hidden email]"

Re: sysutils/grub2-bhyve: CURRENT build breaks on "gets" security hole

John D Groenveld
In message <[hidden email]>, Sérgio Siegrist writes:

>grub2-bhyve fails to compile with this error:
>gcc8 -DHAVE_CONFIG_H -I. -I../.. -I../../intl -MT argp-eexst.o -MD -MP
>-MF .deps/argp-eexst.Tpo -c -o argp-eexst.o argp-eexst.c
>In file included from argp.h:22,
>from argp-eexst.c:25:
>./stdio.h:456:1: error: 'gets' undeclared here (not in a function); did
>you mean 'getw'?
>_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
>^~~~~~~~~~~~~~~
>gmake[5]: *** [Makefile:1030: argp-eexst.o] Error 1
>
>
>I suppose replacing 'gets' with 'fgets' should fix it.

I think the compiler is flagging the attempt in stdio.h to flag
the use of gets(3) as gets(3) has been removed from the C standard
and the C library.

The package builds without the check.
$ cat files/patch-grub-core_gnulib_stdio.in.h
@@ -137,12 +137,6 @@ _GL_WARN_ON_USE (fflush, "fflush is not always POSIX compliant - "
                  "use gnulib module fflush for portable POSIX compliance");
 #endif

-/* It is very rare that the developer ever has full control of stdin,
-   so any use of gets warrants an unconditional warning.  Assume it is
-   always declared, since it is required by C89.  */
-#undef gets
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
-
 #if @GNULIB_FOPEN@
 # if @REPLACE_FOPEN@
 #  if !(defined __cplusplus && defined GNULIB_NAMESPACE)
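Review bot: deleting both `#undef gets` and the `_GL_WARN_ON_USE (gets, ...)` line drops the warning on every platform, including systems whose libc still declares gets. The removed comment's assumption ("Assume it is always declared, since it is required by C89") is the part that no longer holds, so consider keeping `#undef gets` and wrapping only the `_GL_WARN_ON_USE (gets, ...)` line in a configure-time test that gets is declared, with the comment updated to match. The patch as pasted also begins at the `@@` line with no `---`/`+++` file headers, which it will need in order to apply as a port patch.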

John
[hidden email]
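The warning string in the quoted stdio.h line reads "gets is a security hole - use fgets instead". As an added example (not code from grub2-bhyve, gnulib, or either poster), the C code below shows a bounded fgets-based line reader that handles the cases gets cannot; `read_line`, `open_sample`, `line_status` and the sample input are hypothetical names and constructed data.

```c
/* Added example: a bounded stand-in for gets(3). All names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum line_status { LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };

/* gets(buf) takes no size, so a line longer than buf overruns it.
 * read_line() stores at most size-1 bytes (size must fit in an int), strips
 * the newline, and discards the tail of an over-long line. */
static enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline stored: the line filled the buffer or input ended. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed input, served from a temporary file so this runs offline. */
static FILE *open_sample(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char buf[8];
    FILE *in = open_sample("short\nthis line is far too long\n1234567\nlast");
    if (in == NULL)
        return 1;
    enum line_status st;
    while ((st = read_line(in, buf, sizeof buf)) != LINE_EOF)
        printf("%-9s \"%s\"\n", st == LINE_OK ? "ok" : "truncated", buf);
    fclose(in);
    return 0;
}
```

A line that exactly fills the buffer is reported as complete, because the pending newline is consumed without counting as dropped data.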