It looks to me as though the problem might be in snprintf. I certainly cannot see anything wrong with the code as it stands.
M

On Tue, 2005-04-05 at 19:11 -0700, Jeff Sheltren wrote:
> Hi Mark, I finally got some time to do a bit more debugging on this, and it
> looks like the buffer overflow may not be related to gcc4, but rather a
> compile flag which is used by default on Fedora Core 4 Test rpmbuild:
> -Wp,-D_FORTIFY_SOURCE=2
>
> From what I gather, FORTIFY_SOURCE is supposed to help protect from certain
> types of buffer overflows. So, perhaps there is a possible buffer overflow
> happening (on line 52 of crypto.c), and it just isn't seen until compiled
> with the FORTIFY_SOURCE flag? Here is the backtrace of a core dump caused
> when I run 'cfagent -qKv':
>
> (gdb) bt
> #0  0x00f037e2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> #1  0x0040d17c in raise () from /lib/libc.so.6
> #2  0x0040e8c8 in abort () from /lib/libc.so.6
> #3  0x00441f2a in __libc_message () from /lib/libc.so.6
> #4  0x004c2b65 in __chk_fail () from /lib/libc.so.6
> #5  0x004c262f in __vsnprintf_chk () from /lib/libc.so.6
> #6  0x004c2523 in __snprintf_chk () from /lib/libc.so.6
> #7  0x080a2c51 in RandomSeed () at crypto.c:52
> #8  0x0804ed0a in Initialize (argc=2, argv=0xbfb27eb4) at cfagent.c:298
> #9  0x0804f2d6 in main (argc=0, argv=0x0) at cfagent.c:83
> #10 0x003f9dd6 in __libc_start_main () from /lib/libc.so.6
> #11 0x0804b131 in _start ()
>
> Any ideas? If the FORTIFY_SOURCE flag is not used, I can compile and run
> cfagent fine, but I'd like to get this working since it will be the default
> for Fedora/Redhat future releases, and there may actually be an overflow
> happening there...
>
> Thanks,
> Jeff
>
> On 3/18/05 8:39 AM, "Mark Burgess" <[EMAIL PROTECTED]> wrote:
>
> > On Thu, 2005-03-17 at 11:00 -0800, Jeff Sheltren wrote:
> >> On 3/17/05 9:46 AM, "Jeff Sheltren" <[EMAIL PROTECTED]> wrote:
> >>
> >>> I added the attached patch and was able to compile again without errors -
> >>> although there were quite a few warnings. Unfortunately, I'm still
> >>> getting a buffer overflow when I run any of the binaries and I'm not sure
> >>> what is causing that. I'll try to do some more debugging.
> >>>
> >>> -Jeff
> >>
> >> Looks like the buffer overflow is happening on line 52 of crypto.c due to
> >> the fact that CF_BUFSIZE isn't available there. From a gdb run:
> >>
> >> Breakpoint 1, RandomSeed () at crypto.c:52
> >> (gdb) print CF_BUFSIZE
> >> No symbol "CF_BUFSIZE" in current context.
> >> (gdb) print CF_AVDB_FILE
> >> No symbol "CF_AVDB_FILE" in current context.
> >>
> >> AVDB and CFWORKDIR are defined OK.
> >>
> >> -Jeff
> >
> >
> > The symbols you mention are macro values, so they do not have symbols in
> > the debugger. This is ok.
> >
> > Mark

_______________________________________________
Bug-cfengine mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-cfengine
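An added example, not code from cfengine or from anyone in this thread: it models in plain C the check that glibc's __snprintf_chk performs when a program is built with -D_FORTIFY_SOURCE=2, which is the frame sitting between __snprintf_chk and __chk_fail in the backtrace above. The compiler passes the true size of the destination object alongside the caller's own size argument, and a call that claims more room than the object actually has is refused. The constant names, the sample path and the choice to refuse by return value instead of aborting are assumptions made for this example.

```c
/* Added example (not from the cfengine sources). Models the size check
 * glibc applies to snprintf under -D_FORTIFY_SOURCE=2: the compiler
 * supplies the real size of the destination object, and a caller that
 * claims more space than that is rejected. glibc aborts via __chk_fail();
 * here the rejection is a -1 return so the behaviour can be observed. */
#include <stdarg.h>
#include <stdio.h>

/* Stand-ins for CF_BUFSIZE-style constants; the values are constructed. */
#define WORKDIR_LEN 64
#define BIG_BUFSIZE 4096

/* Mirror of __snprintf_chk's contract: objsize is what the compiler knows
 * about the destination, maxlen is what the caller asserted. */
static int checked_snprintf(char *dst, size_t objsize, size_t maxlen,
                            const char *fmt, ...)
{
    va_list ap;
    int n;

    if (maxlen > objsize)
        return -1;                 /* where glibc would call __chk_fail() */
    va_start(ap, fmt);
    n = vsnprintf(dst, maxlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Capture sizeof(arr) at the call site, the way FORTIFY_SOURCE learns the
 * object size of a local array. Only meaningful for a true array, not a
 * pointer. */
#define SAFE_SNPRINTF(arr, maxlen, ...) \
    checked_snprintf((arr), sizeof(arr), (maxlen), __VA_ARGS__)

/* Builds "<workdir>/<file>" into a small local buffer while passing
 * `claimed` as the size argument, as a caller might pass CF_BUFSIZE.
 * Returns the would-be length (truncation is allowed and is not an
 * error), or -1 when the claimed size exceeds the real buffer. */
int build_path(const char *workdir, const char *file, size_t claimed)
{
    char path[WORKDIR_LEN];        /* deliberately smaller than BIG_BUFSIZE */
    return SAFE_SNPRINTF(path, claimed, "%s/%s", workdir, file);
}
```

A size argument that is at most sizeof(path) is accepted even when the output is truncated; only a size argument larger than the destination object trips the check, which is the condition behind the __chk_fail frame.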
