lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 4 Dec 2011 15:42:34 +0100 (CET)
From:	"Robert M. Stockmann" <stock@...kkie.net>
To:	linux-kernel@...r.kernel.org
cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Theodore Ts'o <tytso@....edu>, Alan Cox <alan@...ux.intel.com>
Subject: restrictions inside GCC 4.6.x and libc6-2.13 (x86_64)


Hi,

As i wanted to port some old source code [1] to the latest
ubuntu 11.10 x86_64 distribution i ran across a strange
observation :

[acer30:root]:(/usr/lib/x86_64-linux-gnu)# spfqtool -i 192.168.2.5 -s stock@...kkie.net -h stokkie.net
*** buffer overflow detected ***: spfqtool terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fb98f9537f7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf7710)[0x7fb98f952710]
/lib/x86_64-linux-gnu/libc.so.6(+0xf6dfb)[0x7fb98f951dfb]
/lib/x86_64-linux-gnu/libc.so.6(__snprintf_chk+0x78)[0x7fb98f951cd8]
/usr/lib/libspf-1.0.so.0(SPF_init+0x277)[0x7fb98fbfc8e7]
spfqtool[0x400afb]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7fb98f87c30d]
spfqtool[0x400e1d]

[ ... ]"

This is also observed on ubuntu 11.04 x86_64 ..
When searching on google for this with 'spfqtool' omitted  :

*** buffer overflow detected ***:  terminated
http://www.google.com/search?hl=en&safe=off&q=***+buffer+overflow+detected+***%3A++terminated&oq=***+buffer+overflow+detected+***%3A++terminated&aq=f&aqi=g-v1g-b9&aql=&gs_sm=e&gs_upl=5641l6824l0l8707l9l9l0l0l0l0l111l878l4.5l9l0

i get about About 820,000 results (0.08 seconds), which reach from the 
year 2009 upto 2011.  I really wonder what is the trouble here, as such 
old source, which has run many CPU cycles for the last 8 years, now 
suddenly has become buggy and prone to buffer overflows ...

Any suggestions on how to migrate 'old code' to the new Linux
platforms ?

Best Regards,

Robert
[1] libspf (www.libspf.org)
    http://crashrecovery.org/SPF/RPMS/spf/src/
    http://crashrecovery.org/SPF/RPMS/spf/src/libspf-1.0.0-RC6-pre10.tar.bz2
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@...kkie.net

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ