On Thu, 2008-10-16 at 22:52 +0200, Daniel Gollub wrote:
> plain text document attachment
> (fix-buffer-overflow-in-symlink01.patch)
> When compiling with -D_FORTIFY_SOURCE=2 following buffer-overflow gets
> detected:
>
> Starting program:
> /root/ltp/ltp-full-20080916/testcases/kernel/syscalls/symlink/symlink01
> symlink01 1 PASS : Creation of symbolic link file to no object file
> is ok
> symlink01 2 PASS : Creation of symbolic link file to no object file
> is ok
> symlink01 3 PASS : Creation of symbolic link file and object file via
> symbolic link is ok
> symlink01 4 PASS : Creating an existing symbolic link file error is
> caught
> *** buffer overflow detected ***:
> /root/ltp/ltp-full-20080916/testcases/kernel/syscalls/symlink/symlink01
> terminated
> ======= Backtrace: =========
> /lib64/libc.so.6(__chk_fail+0x2f)[0x2b5ae730f31f]
> /lib64/libc.so.6[0x2b5ae730e3c3]
>
> /root/ltp/ltp-full-20080916/testcases/kernel/syscalls/symlink/symlink01[0x4048fe]
>
> /root/ltp/ltp-full-20080916/testcases/kernel/syscalls/symlink/symlink01[0x403e7b]
>
> /root/ltp/ltp-full-20080916/testcases/kernel/syscalls/symlink/symlink01[0x4047b7]
> /lib64/libc.so.6(__libc_start_main+0xf4)[0x2b5ae725a184]
>
> /root/ltp/ltp-full-20080916/testcases/kernel/syscalls/symlink/symlink01[0x401c39]
>
> (gdb) bt
> #0 0x00002b5ae726cbb5 in raise () from /lib64/libc.so.6
> #1 0x00002b5ae726dfb0 in abort () from /lib64/libc.so.6
> #2 0x00002b5ae72a332b in __libc_message () from /lib64/libc.so.6
> #3 0x00002b5ae730f31f in __chk_fail () from /lib64/libc.so.6
> #4 0x00002b5ae730e3c3 in __strcat_chk () from /lib64/libc.so.6
> #5 0x00000000004048fe in creat_path_max (path1=0x409d88 "object",
> path2=<value optimized out>, path3=<value optimized out>)
> at symlink01.c:844
> #6 0x0000000000403e7b in do_syscalltests (tcs=0x50cec0) at symlink01.c:958
> #7 0x00000000004047b7 in main (argc=<value optimized out>, argv=<value
> optimized out>) at symlink01.c:569
> (gdb) up
> #1 0x00002b5ae726dfb0 in abort () from
/lib64/libc.so.6
> (gdb)
> #2 0x00002b5ae72a332b in __libc_message () from /lib64/libc.so.6
> (gdb)
> #3 0x00002b5ae730f31f in __chk_fail () from /lib64/libc.so.6
> (gdb)
> #4 0x00002b5ae730e3c3 in __strcat_chk () from /lib64/libc.so.6
> (gdb)
> #5 0x00000000004048fe in creat_path_max (path1=0x409d88 "object",
> path2=<value optimized out>, path3=<value optimized out>)
> at symlink01.c:844
> 844 strcat(full_path, "Z");
>
>
> Variable full_path exceeds PATH_MAX limit in creat_path_max(), to avoid a
> buffer overflow
> the size of full_path needs to be incremented by one.
>
> Signed-off-by: Daniel Gollub <[EMAIL PROTECTED]>
>
> ---
> testcases/kernel/syscalls/symlink/symlink01.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: ltp-full-20080916/testcases/kernel/syscalls/symlink/symlink01.c > =================================================================== > --- ltp-full-20080916.orig/testcases/kernel/syscalls/symlink/symlink01.c > +++ ltp-full-20080916/testcases/kernel/syscalls/symlink/symlink01.c > @@ -488,7 +488,7 @@ time_t a_time_value = 100; > char *TCID; > char *Selectedtests = NULL; /* Name (tcid) of selected test cases */ > char test_msg[BUFMAX]; > -char full_path[PATH_MAX+1]; > +char full_path[PATH_MAX+1+1]; /* Add one for '\0' and another to exceed the > PATH_MAX limit, see creat_path_max() */
True here too. Merged. Regards-- Subrata > extern int Tst_count; > extern char *TESTDIR; > /*extern char *strrchr();*/
_______________________________________________
Ltp-list mailing list
https://lists.sourceforge.net/lists/listinfo/ltp-list
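Review bot: on the `+char full_path[PATH_MAX+1+1];` line, the array size is tied to what creat_path_max() writes only through the comment, while the `strcat(full_path, "Z");` at symlink01.c:844 shown in the backtrace stays an unbounded append into a global buffer. Consider expressing the size once as a named constant that both the declaration and creat_path_max() use, or bounding the append against sizeof(full_path), so that a later change to how the over-long path is built fails the test cleanly instead of writing past the array again. The literal `+1+1` also reads as a typo at first glance; `PATH_MAX + 2` with the same comment on its own line above the declaration would be clearer.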
