curl-library
[PATCH] workaround for glibc-detected buffer overflow in test tftp server
Date: Thu, 16 Dec 2010 16:17:13 +0000
Building 7.21.3 with glibc and _FORTIFY_SOURCE=2 results in a crash of
the tftp server whilst running the test suite (when it has to process
its first error condition):
*** buffer overflow detected ***: server/tftpd terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0x20680d]
/lib/libc.so.6(+0xf482a)[0x20482a]
/lib/libc.so.6(__strcpy_chk+0x3f)[0x203adf]
server/tftpd[0x804c0e1]
server/tftpd[0x804d896]
/lib/libc.so.6(__libc_start_main+0xe6)[0x126e16]
server/tftpd[0x8048fe1]
It was easy to identify the source of this problem since there's only
one call of strcpy() in tftpd.c. The issue looks very similar to the one
described here:
https://bugzilla.redhat.com/show_bug.cgi?id=515361
However, in this case we *are* writing to the last field...
Attached patch, based on the suggested solution in the above ticket,
works for me.
Paul.
- text/x-patch attachment: 0005-curl-7.21.3-tftpd-buffer-overflow.patch
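
Added example, not part of the original post, the attached patch, or curl's tftpd.c: with _FORTIFY_SOURCE=2, glibc's __strcpy_chk compares the copy against the declared size of the destination sub-object, so copying an error string into a short trailing struct member aborts even when the surrounding packet buffer has room. The sketch below shows one way to build an RFC 1350 ERROR packet with the copy bounded by the whole buffer; the function name and buffer sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TFTP_OP_ERROR 5  /* RFC 1350 opcode for ERROR */
#define TFTP_HDR_LEN  4  /* 2-byte opcode + 2-byte error code */

/* Hypothetical helper (name is an assumption, not curl's API).
 * Builds an RFC 1350 ERROR packet into pkt[0..pktsize):
 *   | opcode = 5 (2 bytes) | error code (2 bytes) | message | NUL |
 * Returns the number of bytes written, or -1 if the message does not fit.
 * The destination is addressed from the start of the packet buffer and the
 * length is checked against pktsize, so the bound that is enforced is the
 * real capacity and not the declared size of a trailing struct member. */
long tftp_build_error(unsigned char *pkt, size_t pktsize,
                      uint16_t errcode, const char *errmsg)
{
    size_t msglen;

    if (!pkt || !errmsg || pktsize < TFTP_HDR_LEN + 1)
        return -1;

    msglen = strlen(errmsg);
    if (msglen > pktsize - TFTP_HDR_LEN - 1)
        return -1;  /* refuse instead of truncating or overflowing */

    pkt[0] = 0;
    pkt[1] = TFTP_OP_ERROR;
    pkt[2] = (unsigned char)(errcode >> 8);    /* network byte order */
    pkt[3] = (unsigned char)(errcode & 0xff);
    memcpy(pkt + TFTP_HDR_LEN, errmsg, msglen);
    pkt[TFTP_HDR_LEN + msglen] = '\0';
    return (long)(TFTP_HDR_LEN + msglen + 1);
}

int main(void)
{
    unsigned char buf[516];  /* constructed size: 4-byte header + 512 data */
    long n = tftp_build_error(buf, sizeof(buf), 1, "File not found");

    printf("packet length: %ld, message: %s\n", n, (char *)buf + TFTP_HDR_LEN);
    return n > 0 ? 0 : 1;
}
```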