See bug 1036982 for the source of the problem
Description of problem:
Version-Release number of selected component (if applicable):
All the time
Steps to Reproduce:
1. $ mount_afp afp://foo/Music Music
zsh: segmentation fault (core dumped) mount_afp afp://foo/Music Music
replace snprintf by strncat without checking the parameters are in order.
snprintf(..., ...., "%s", ...) instead of strncat().
Had you tested it you'd know.
strncpy() would work too.
And if you really want to be secure, the size parameter is supposed to be the size of the destination, not the size from the source.
Also it should be noted that you ignored the compiler warnings too:
gcc -DHAVE_CONFIG_H -I. -I.. -D_FILE_OFFSET_BITS=64 -I../include -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -c status.c -fPIC -DPIC -o .libs/libafpclient_la-status.o
afp_url.c: In function 'afp_parse_url':
afp_url.c:236:2: warning: passing argument 2 of 'strncat' makes pointer from integer without a cast
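The point about the size parameter, as an added C example (not part of this bug report and not afpfs-ng code). `copy_field` and `append_field` are hypothetical helpers and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Shape of the defect reported above: arguments 2 and 3 of strncat swapped,
 * so an integer is passed where the source pointer belongs:
 *     strncat(dst, sizeof(dst), src);
 * The compiler output in the report shows this only as a warning. */

/* Hypothetical helper: copy src into dst, whose capacity is dst_size.
 * Returns 0 on success, -1 on bad arguments or truncation.
 * dst is always NUL-terminated when dst_size > 0. */
int copy_field(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* The bound is the size of the destination, never strlen(src). */
    int n = snprintf(dst, dst_size, "%s", src);
    return (n < 0 || (size_t)n >= dst_size) ? -1 : 0;
}

/* Hypothetical helper: append src to dst with a correctly bounded strncat.
 * strncat's third argument is the room left in dst, excluding the NUL. */
int append_field(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;                      /* dst is not terminated */
    size_t room = dst_size - (size_t)(end - dst) - 1;
    int truncated = strlen(src) > room;
    strncat(dst, src, room);
    return truncated ? -1 : 0;
}

int main(void)
{
    char url[16] = "afp://";            /* constructed sample values */
    char volume[8];
    printf("%d %s\n", append_field(url, sizeof url, "foo"), url);
    printf("%d %s\n", copy_field(volume, sizeof volume, "Music"), volume);
    printf("%d %s\n", copy_field(volume, sizeof volume, "MusicLibrary"), volume);
    return 0;
}
```

Both helpers report truncation to the caller instead of silently shortening the value, so a URL component that does not fit can be rejected.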
Created attachment 960937
Here is the fixed version of the patch (not a diff of the patch but just afpfs-ng-0.8.1-formatsec.patch as found in SOURCES).
It fixes what the other patch broke. There are plenty of other things upstream that should be fixed too.
Please apply this urgently.
afpfs-ng-0.8.1-18.fc21 has been submitted as an update for Fedora 21.
afpfs-ng-0.8.1-13.fc20 has been submitted as an update for Fedora 20.
Thank you kindly.
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing afpfs-ng-0.8.1-13.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
afpfs-ng-0.8.1-18.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
afpfs-ng-0.8.1-13.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.