Hi,

Below is a patch that would enable iperf 2.0.5 to compile with
-Werror=format-security

I maintain iperf 2.0.5 in Fedora, and starting with F21 all packages
must be built using this flag, to protect against potential format
string vulnerabilities.

Their documentation for why this is a "good idea (tm)" is here:

https://fedorahosted.org/fesco/ticket/1185

and here

https://fedoraproject.org/wiki/Format-Security-FAQ

Please consider applying toward 2.0.6, if/when that happens.

Thanks,
--Gabriel



diff -NarU5 A/compat/Thread.c B/compat/Thread.c
--- A/compat/Thread.c   2010-03-30 19:08:24.000000000 -0400
+++ B/compat/Thread.c   2013-12-22 12:23:11.623088163 -0500
@@ -379,11 +379,11 @@
  * ------------------------------------------------------------------- */
 int thread_release_nonterm( int interrupt ) {
     Condition_Lock( thread_sNum_cond );
     thread_sNum -= nonterminating_num;
     if ( thread_sNum > 1 && nonterminating_num > 0 && interrupt != 0 ) {
-        fprintf( stderr, wait_server_threads );
+        fprintf( stderr, "%s", wait_server_threads );
     }
     nonterminating_num = 0;
     Condition_Signal( &thread_sNum_cond );
     Condition_Unlock( thread_sNum_cond );
     return thread_sNum;
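Review bot: Switching `fprintf( stderr, wait_server_threads )` to the `"%s"` form changes the output if the constant contains a `%%` escape, which the old call collapsed to a single `%` and the new one prints verbatim. The definitions are not part of this patch, so each converted constant (here and in src/ReportDefault.c, src/Reporter.c and src/Settings.cpp) should be checked for that. Where nothing is formatted, `fputs( wait_server_threads, stderr );` says so more directly and leaves no format argument at all. The closing brace of thread_release_nonterm lies outside the hunk.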
diff -NarU5 A/src/ReportDefault.c B/src/ReportDefault.c
--- A/src/ReportDefault.c       2010-03-30 18:57:17.000000000 -0400
+++ B/src/ReportDefault.c       2013-12-22 12:44:12.968001912 -0500
@@ -76,20 +76,20 @@
                    stats->mFormat);
 
     if ( stats->mUDP != (char)kMode_Server ) {
         // TCP Reporting
         if( !header_printed ) {
-            printf( report_bw_header);
+            printf( "%s", report_bw_header);
             header_printed = 1;
         }
         printf( report_bw_format, stats->transferID, 
                 stats->startTime, stats->endTime, 
                 buffer, &buffer[sizeof(buffer)/2] );
     } else {
         // UDP Reporting
         if( !header_printed ) {
-            printf( report_bw_jitter_loss_header);
+            printf( "%s", report_bw_jitter_loss_header);
             header_printed = 1;
         }
         printf( report_bw_jitter_loss_format, stats->transferID, 
                 stats->startTime, stats->endTime, 
                 buffer, &buffer[sizeof(buffer)/2],
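Review bot: The calls left untouched in this hunk, `printf( report_bw_format, ... )` and `printf( report_bw_jitter_loss_format, ... )`, still pass a non-literal format; -Wformat-security accepts them only because they carry arguments, and the compiler may not be able to match those arguments against conversions defined in another file. The same holds for `server_port` and `warn_window_requested` in the later hunks of this file and for `warn_implied_compatibility` in src/Settings.cpp. These look like fixed program constants rather than user input, so this is a maintenance hazard rather than an exposed bug. A call-site comment such as `// format defined elsewhere: keep its conversions in sync with these arguments` would help, as would an occasional build with `-Wformat-nonliteral`. The enclosing function begins before the hunk and the last printf call continues past it.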
@@ -157,11 +157,11 @@
 
     win = getsock_tcp_windowsize( data->info.transferID,
                   (data->mThreadMode == kMode_Listener ? 0 : 1) );
     win_requested = data->mTCPWin;
 
-    printf( separator_line );
+    printf( "%s", separator_line );
     if ( data->mThreadMode == kMode_Listener ) {
         printf( server_port,
                 (isUDP( data ) ? "UDP" : "TCP"), 
                 data->mPort );
     } else {
@@ -196,11 +196,11 @@
         byte_snprintf( buffer, sizeof(buffer), win_requested,
                        toupper( data->info.mFormat));
         printf( warn_window_requested, buffer );
     }
     printf( "\n" );
-    printf( separator_line );
+    printf( "%s", separator_line );
 }
 
 /*
  * Report a socket's peer IP address in default style
  */
@@ -284,11 +284,11 @@
             net = "HIPPI";
             mtu = 65280;
         } else if ( checkMSS_MTU( inMSS, 576 ) ) {
             net = "minimum";
             mtu = 576;
-            printf( warn_no_pathmtu );
+            printf( "%s", warn_no_pathmtu );
         } else {
             mtu = inMSS + 40;
             net = "unknown interface";
         }
 
diff -NarU5 A/src/Reporter.c B/src/Reporter.c
--- A/src/Reporter.c    2010-03-30 19:08:24.000000000 -0400
+++ B/src/Reporter.c    2013-12-22 13:49:36.285733636 -0500
@@ -894,11 +894,11 @@
             net = "HIPPI";
             mtu = 65280;
         } else if ( checkMSS_MTU( inMSS, 576 ) ) {
             net = "minimum";
             mtu = 576;
-            printf( warn_no_pathmtu );
+            printf( "%s", warn_no_pathmtu );
         } else {
             mtu = inMSS + 40;
             net = "unknown interface";
         }
 
diff -NarU5 A/src/Settings.cpp B/src/Settings.cpp
--- A/src/Settings.cpp  2010-07-08 21:05:46.000000000 -0400
+++ B/src/Settings.cpp  2013-12-22 14:01:09.958686202 -0500
@@ -373,12 +373,12 @@
         case 'f': // format to print in
             mExtSettings->mFormat = (*optarg);
             break;
 
         case 'h': // print help and exit
-            fprintf(stderr, usage_long1);
-            fprintf(stderr, usage_long2);
+            fprintf(stderr, "%s", usage_long1);
+            fprintf(stderr, "%s", usage_long2);
             exit(1);
             break;
 
         case 'i': // specify interval between periodic bw reports
             mExtSettings->mInterval = atof( optarg );
@@ -480,11 +480,11 @@
                 fprintf( stderr, warn_implied_compatibility, option );
             }
             break;
 
         case 'v': // print version and exit
-            fprintf( stderr, version );
+            fprintf( stderr, "%s", version );
             exit(1);
             break;
 
         case 'w': // TCP window size (socket buffer size)
             Settings_GetUpperCaseArg(optarg,outarg);
