Message-ID: <CA+55aFyYxvTFGmO3Z-h3LOYJC3i90g6Epe37McpBZP=gUbrGjQ@mail.gmail.com>
Date:	Sun, 4 Dec 2011 11:35:22 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	"Robert M. Stockmann" <stock@...kkie.net>
Cc:	linux-kernel@...r.kernel.org, "Theodore Ts'o" <tytso@....edu>,
	Alan Cox <alan@...ux.intel.com>
Subject: Re: restrictions inside GCC 4.6.x and libc6-2.13 (x86_64)

Sounds like you have compiled it with -D_FORTIFY_SOURCE=1 (which may
well be the default on Ubuntu these days), and it found a real bug.

You need to check *which* snprintf is overflowing the buffer (should
be easy enough with gdb), and see where that happens.

Or you could try to disable fortify, and live with the bug that
apparently seldom causes problems in practice.

You can do it with -D_FORTIFY_SOURCE=0. I don't recommend it, but if
the program is doing something odd/bad on purpose, or if you are not
willing to try to debug it, it should give you a working setup. Or as
working as it ever was.

You should also report this to the right people. Which is *not* the
kernel people. Talk to the libspf guys. Because it's almost certainly
a real bug in their code.

                    Linus


On Sun, Dec 4, 2011 at 6:42 AM, Robert M. Stockmann <stock@...kkie.net> wrote:
>
> Hi,
>
> As I wanted to port some old source code [1] to the latest
> ubuntu 11.10 x86_64 distribution I ran across a strange
> observation:
>
> [acer30:root]:(/usr/lib/x86_64-linux-gnu)# spfqtool -i 192.168.2.5 -s stock@...kkie.net -h stokkie.net
> *** buffer overflow detected ***: spfqtool terminated
> ======= Backtrace: =========
> /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fb98f9537f7]
> /lib/x86_64-linux-gnu/libc.so.6(+0xf7710)[0x7fb98f952710]
> /lib/x86_64-linux-gnu/libc.so.6(+0xf6dfb)[0x7fb98f951dfb]
> /lib/x86_64-linux-gnu/libc.so.6(__snprintf_chk+0x78)[0x7fb98f951cd8]
> /usr/lib/libspf-1.0.so.0(SPF_init+0x277)[0x7fb98fbfc8e7]
> spfqtool[0x400afb]
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7fb98f87c30d]
> spfqtool[0x400e1d]
>
> [ ... ]"
>
> This is also observed on ubuntu 11.04 x86_64 ..
> When searching on google for this with 'spfqtool' omitted  :
>
> *** buffer overflow detected ***:  terminated
> http://www.google.com/search?hl=en&safe=off&q=***+buffer+overflow+detected+***%3A++terminated&oq=***+buffer+overflow+detected+***%3A++terminated&aq=f&aqi=g-v1g-b9&aql=&gs_sm=e&gs_upl=5641l6824l0l8707l9l9l0l0l0l0l111l878l4.5l9l0
>
> I get about 820,000 results (0.08 seconds), which reach from the
> year 2009 up to 2011.  I really wonder what is the trouble here, as such
> old source, which has run many CPU cycles for the last 8 years, now
> suddenly has become buggy and prone to buffer overflows ...
>
> Any suggestions on how to migrate 'old code' to the new Linux
> platforms ?
>
> Best Regards,
>
> Robert
> [1] libspf (www.libspf.org)
>    http://crashrecovery.org/SPF/RPMS/spf/src/
>    http://crashrecovery.org/SPF/RPMS/spf/src/libspf-1.0.0-RC6-pre10.tar.bz2
> --
> Robert M. Stockmann - RHCE
> Network Engineer - UNIX/Linux Specialist
> crashrecovery.org  stock@...kkie.net
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
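The check that produced the backtrace above, as an added example that is not code from this thread or from libspf: a plain-C model of the length comparison glibc's __snprintf_chk performs under -D_FORTIFY_SOURCE, next to the buggy calling pattern it catches and the corrected one. The query strings and buffer sizes are constructed for the example; the model returns -1 where glibc would abort.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sample inputs, constructed for this example (not taken from the thread). */
#define IP     "192.168.2.5"
#define SENDER "user@example.net"

/* Model of the check inside glibc's __snprintf_chk(dst, maxlen, flag, slen, fmt, ...).
 * maxlen is the length the program passed to snprintf(); slen is the size the
 * compiler derived for dst with __builtin_object_size() when building with
 * -D_FORTIFY_SOURCE. glibc aborts with "*** buffer overflow detected ***"
 * when maxlen > slen; this model returns -1 instead so the mismatch can be
 * inspected without killing the process. */
int model_snprintf_chk(char *dst, size_t maxlen, size_t slen, const char *fmt, ...)
{
    if (maxlen > slen)
        return -1;                  /* the condition behind the SPF_init backtrace */
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, maxlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Bug pattern: the length handed to snprintf() is not the destination's real
 * size. Without fortify this only overflows when the output is long enough,
 * which is why such code can run for years; fortify rejects the call regardless. */
int query_with_wrong_length(void)
{
    char buf[32];
    return model_snprintf_chk(buf, 64, sizeof buf, "ip=%s sender=%s", IP, SENDER);
}

/* Fixed pattern: pass the buffer's own size and treat a return value >= size
 * as truncation. Returns the formatted length, or -1 if the text would not fit. */
int query_with_right_length(char *out, size_t outsz)
{
    int n = model_snprintf_chk(out, outsz, outsz, "ip=%s sender=%s", IP, SENDER);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}
```

Finding the offending call in a real binary is the gdb step Linus describes: a breakpoint on __fortify_fail (or __chk_fail) and a backtrace shows which snprintf in SPF_init passed the mismatched length.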
