1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
commit 66712c23388e93e5c518ebc8515140fa0c807348
Author: Eric Blake <eblake@redhat.com>
Date: Thu Mar 29 13:30:41 2012 -0600
stdio: don't assume gets any more
Gnulib intentionally does not have a gets module, and now that C11
and glibc have dropped it, we should be more proactive about warning
any user on a platform that still has a declaration of this dangerous
interface.
* m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets
support.
* modules/stdio (Makefile.am): Likewise.
* lib/stdio-read.c (gets): Likewise.
* tests/test-stdio-c++.cc: Likewise.
* m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment.
* lib/stdio.in.h (gets): Make warning occur in more places.
* doc/posix-functions/gets.texi (gets): Update documentation.
Reported by Christer Solskogen.
Signed-off-by: Eric Blake <eblake@redhat.com>
diff --git a/gnulib/lib/stdio.in.h b/gnulib/lib/stdio.in.h
index aa7b599..c377b6e 100644
--- a/gnulib/lib/stdio.in.h
+++ b/gnulib/lib/stdio.in.h
@@ -698,22 +698,11 @@ _GL_WARN_ON_USE (getline, "getline is unportable - "
# endif
#endif
-#if @GNULIB_GETS@
-# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
-# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
-# undef gets
-# define gets rpl_gets
-# endif
-_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1)));
-_GL_CXXALIAS_RPL (gets, char *, (char *s));
-# else
-_GL_CXXALIAS_SYS (gets, char *, (char *s));
-# undef gets
-# endif
-_GL_CXXALIASWARN (gets);
/* It is very rare that the developer ever has full control of stdin,
- so any use of gets warrants an unconditional warning. Assume it is
- always declared, since it is required by C89. */
+ so any use of gets warrants an unconditional warning; besides, C11
+ removed it. */
+#undef gets
+#if HAVE_RAW_DECL_GETS
_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
#endif
@@ -1053,9 +1042,9 @@ _GL_WARN_ON_USE (snprintf, "snprintf is unportable - "
# endif
#endif
-/* Some people would argue that sprintf should be handled like gets
- (for example, OpenBSD issues a link warning for both functions),
- since both can cause security holes due to buffer overruns.
+/* Some people would argue that all sprintf uses should be warned about
+ (for example, OpenBSD issues a link warning for it),
+ since it can cause security holes due to buffer overruns.
However, we believe that sprintf can be used safely, and is more
efficient than snprintf in those safe cases; and as proof of our
belief, we use sprintf in several gnulib modules. So this header
diff --git a/gnulib/m4/stdio_h.m4 b/gnulib/m4/stdio_h.m4
index 1973e8d..b03393b 100644
--- a/gnulib/m4/stdio_h.m4
+++ b/gnulib/m4/stdio_h.m4
@@ -1,4 +1,4 @@
-# stdio_h.m4 serial 40
+# stdio_h.m4 serial 41
dnl Copyright (C) 2007-2012 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
@@ -18,7 +18,6 @@ AC_DEFUN([gl_STDIO_H],
GNULIB_GETC=1
GNULIB_GETCHAR=1
GNULIB_FGETS=1
- GNULIB_GETS=1
GNULIB_FREAD=1
dnl This ifdef is necessary to avoid an error "missing file lib/stdio-read.c"
dnl "expected source file, required through AC_LIBSOURCES, not found". It is
@@ -72,10 +71,10 @@ AC_DEFUN([gl_STDIO_H],
dnl Check for declarations of anything we want to poison if the
dnl corresponding gnulib module is not in use, and which is not
- dnl guaranteed by C89.
+ dnl guaranteed by both C89 and C11.
gl_WARN_ON_USE_PREPARE([[#include <stdio.h>
- ]], [dprintf fpurge fseeko ftello getdelim getline pclose popen renameat
- snprintf tmpfile vdprintf vsnprintf])
+ ]], [dprintf fpurge fseeko ftello getdelim getline gets pclose popen
+ renameat snprintf tmpfile vdprintf vsnprintf])
])
AC_DEFUN([gl_STDIO_MODULE_INDICATOR],
@@ -113,7 +112,6 @@ AC_DEFUN([gl_STDIO_H_DEFAULTS],
GNULIB_GETCHAR=0; AC_SUBST([GNULIB_GETCHAR])
GNULIB_GETDELIM=0; AC_SUBST([GNULIB_GETDELIM])
GNULIB_GETLINE=0; AC_SUBST([GNULIB_GETLINE])
- GNULIB_GETS=0; AC_SUBST([GNULIB_GETS])
GNULIB_OBSTACK_PRINTF=0; AC_SUBST([GNULIB_OBSTACK_PRINTF])
GNULIB_OBSTACK_PRINTF_POSIX=0; AC_SUBST([GNULIB_OBSTACK_PRINTF_POSIX])
GNULIB_PCLOSE=0; AC_SUBST([GNULIB_PCLOSE])
|
