Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 09 Oct 2019 10:03:50 -0400
From:      John D Groenveld <groenveld@acm.org>
To:        freebsd-virtualization@freebsd.org
Subject:   Re: sysutils/grub2-bhyve: CURRENT build breaks on "gets" security hole
Message-ID:  <201910091403.x99E3oZM004443@groenveld.us>
In-Reply-To: Your message of "Tue, 08 Oct 2019 17:52:08 -0300." <b5dee193-1b45-0438-2d84-1e9ecb7297c5@gmail.com>
References:  <b5dee193-1b45-0438-2d84-1e9ecb7297c5@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <b5dee193-1b45-0438-2d84-1e9ecb7297c5@gmail.com>, =3D?UTF-8?Q?S=
=3Dc3=3Da9r
gio_Siegrist?=3D writes:
>grub2-bhyve fails to compile with this error:
>gcc8 -DHAVE_CONFIG_H -I. -I../.. -I../../intl -MT argp-eexst.o -MD -MP =

>-MF .deps/argp-eexst.Tpo -c -o argp-eexst.o argp-eexst.c
>In file included from argp.h:22,
>from argp-eexst.c:25:
>./stdio.h:456:1: error: 'gets' undeclared here (not in a function); did =

>you mean 'getw'?
>_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
>^~~~~~~~~~~~~~~
>gmake[5]: *** [Makefile:1030: argp-eexst.o] Error 1
>
>
>I suppose replacing 'gets' with 'fgets' should fix it.

I think the compiler is flagging the attempt in stdio.h to flag
the use of gets(3) as gets(3) has been removed from the C standard
and the C library. =


The package builds without the check.
$ cat files/patch-grub-core_gnulib_stdio.in.h
@@ -137,12 +137,6 @@ _GL_WARN_ON_USE (fflush, "fflush is not always POSIX =
compliant - "
                  "use gnulib module fflush for portable POSIX compliance"=
);
 #endif

-/* It is very rare that the developer ever has full control of stdin,
-   so any use of gets warrants an unconditional warning.  Assume it is
-   always declared, since it is required by C89.  */
-#undef gets
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
-
 #if @GNULIB_FOPEN@
 # if @REPLACE_FOPEN@
 #  if !(defined __cplusplus && defined GNULIB_NAMESPACE)

John
groenveld@acm.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201910091403.x99E3oZM004443>