On Thursday 16 December 2010 17:17:13 Paul Howarth wrote:
> Building 7.21.3 with glibc and _FORTIFY_SOURCE=2 results in a crash of
> the tftp server whilst running the test suite (when it has to process
> its first error condition):
>
> *** buffer overflow detected ***: server/tftpd terminated
> ======= Backtrace: =========
> /lib/libc.so.6(__fortify_fail+0x4d)[0x20680d]
> /lib/libc.so.6(+0xf482a)[0x20482a]
> /lib/libc.so.6(__strcpy_chk+0x3f)[0x203adf]
> server/tftpd[0x804c0e1]
> server/tftpd[0x804d896]
> /lib/libc.so.6(__libc_start_main+0xe6)[0x126e16]
> server/tftpd[0x8048fe1]
>
> It was easy to identify the source of this problem since there's only
> one call of strcpy() in tftpd.c. The issue looks very similar to the one
> described here:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=515361
>
> However, in this case we *are* writing to the last field...
> The structure is embedded into a union and my guess is that it confuses
> the overflow checker.
>
> Attached patch, based on the suggested solution in the above ticket,
> works for me.

The patch looks sane. But the explicit zero termination seems redundant
to me (in both cases), since the terminating zero is already copied as
part of the string. Or am I missing something?

By the way, thanks for the update in rawhide!

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
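Added example, not taken from the thread, the attached patch or the curl sources: it reproduces the layout pattern the report describes (a one-byte char array at the end of a struct that sits inside a union, overlaid on a larger packet buffer) and shows why a strcpy() through that member trips the _FORTIFY_SOURCE=2 check, plus a bounded replacement. The struct, the field names, the 516-byte buffer, the opcode value and the helper names are all constructed for illustration; only the fortify mechanism (glibc rewriting strcpy() to __strcpy_chk() with the compiler's object-size estimate) is a statement about real behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the layout the thread describes: the text field
 * is declared as a one-byte array at the end of a struct that sits inside
 * a union, while the real storage is a larger packet buffer the header is
 * overlaid on.  All names and sizes here are hypothetical. */
#define PKT_BUFSIZE 516

struct err_pkt {
    unsigned short opcode;
    union {
        unsigned short block;
        struct {
            unsigned short code;
            char msg[1];   /* declared size 1, meant to run to the end of the buffer */
        } err;
    } u;
};

/* Field offsets inside the packet buffer, derived from the layout above. */
#define ERR_OPCODE_OFFSET offsetof(struct err_pkt, opcode)
#define ERR_CODE_OFFSET   offsetof(struct err_pkt, u.err.code)
#define ERR_MSG_OFFSET    offsetof(struct err_pkt, u.err.msg)

/*
 * Why _FORTIFY_SOURCE=2 aborts on   strcpy(pkt->u.err.msg, text):
 * glibc rewrites strcpy() to __strcpy_chk(dst, src, __builtin_object_size(dst, 1)).
 * With object-size type 1 the compiler reports the size of the innermost
 * enclosing object, i.e. sizeof msg == 1, not the remaining space in the
 * packet buffer, so any non-empty message is flagged as an overflow at run
 * time.  Writing through the raw buffer pointer instead gives the checker a
 * destination whose size it gets right, and bounding the copy by the space
 * actually available closes the real overflow as well.
 */

/* Build an ERROR packet in buf.  Returns the packet length, or 0 if buf is
 * too small to hold the header plus an empty, NUL-terminated message. */
size_t build_error_packet(unsigned char *buf, size_t bufsize,
                          unsigned opcode, unsigned code, const char *text)
{
    if (bufsize < ERR_MSG_OFFSET + 1)
        return 0;

    size_t room = bufsize - ERR_MSG_OFFSET;                /* text bytes + NUL */
    const char *nul = memchr(text, '\0', room - 1);
    size_t len = nul ? (size_t)(nul - text) : room - 1;    /* truncate if needed */

    buf[ERR_OPCODE_OFFSET]     = (unsigned char)(opcode >> 8);   /* big-endian */
    buf[ERR_OPCODE_OFFSET + 1] = (unsigned char)opcode;
    buf[ERR_CODE_OFFSET]       = (unsigned char)(code >> 8);
    buf[ERR_CODE_OFFSET + 1]   = (unsigned char)code;

    memcpy(buf + ERR_MSG_OFFSET, text, len);
    /* Kamil's remark holds when the copy length is strlen(text) + 1: the NUL
     * arrives with the text and a second store is redundant.  Once the copy
     * is bounded, the truncated case carries no NUL, so terminate explicitly. */
    buf[ERR_MSG_OFFSET + len] = '\0';

    return ERR_MSG_OFFSET + len + 1;
}

/* Receiver-side check: return the message if it is NUL-terminated inside the
 * received packet, otherwise NULL (never trust the peer to terminate it). */
const char *error_packet_text(const unsigned char *buf, size_t pktlen)
{
    if (pktlen < ERR_MSG_OFFSET + 1)
        return NULL;
    const unsigned char *start = buf + ERR_MSG_OFFSET;
    if (memchr(start, '\0', pktlen - ERR_MSG_OFFSET) == NULL)
        return NULL;
    return (const char *)start;
}

int main(void)
{
    unsigned char pkt[PKT_BUFSIZE];
    size_t n = build_error_packet(pkt, sizeof pkt, 5, 1, "File not found");
    printf("%zu bytes, message: \"%s\"\n", n, error_packet_text(pkt, n));

    unsigned char small[10];
    n = build_error_packet(small, sizeof small, 5, 1, "File not found");
    printf("%zu bytes, truncated message: \"%s\"\n", n, error_packet_text(small, n));
    return 0;
}
```

Compiled with -O2 -D_FORTIFY_SOURCE=2 this runs cleanly, whereas the commented-out strcpy() form through pkt->u.err.msg would abort with the same "*** buffer overflow detected ***" message as in the report. The explicit terminator after memcpy() is the caveat to the redundancy question: it is superfluous only when the copied length already includes the source's NUL.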
