Issues with Windows build: /GS and bufferoverflowu.lib

Thu, 28 Feb 2008 17:31:42 -0800 

Hi,

I tried to build 0.9.8g with Visual Studio 2008 x64 vi 'perl Configure 
VC-WIN64A'.  The resulting nt.mak and ntdll.mak files had 'bufferoverflowU.lib' 
added to LFLAGS, courtesy of a few lines in util/pl/VC-32.pl that look like 
this:

    $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);

There are two problems here.  First, /GS isn't ever added to CFLAGS, which 
means the security checks aren't even enabled, making the specification of 
bufferoverflowu.lib pointless.  I assume this was left out by mistake.

Secondly, it's not appropriate/necessary to link to bufferoverflowu.lib when 
building with newer versions of Visual Studio and/or the Platform SDK.  On my 
development server, I've got Visual Studio .NET 2003 Professional, Visual 
Studio 2005 Professional and Visual Studio 2008 Professional installed, as well 
as Platform SDKs 5.0, 6.0a and 6.1.  Given that, consider the following:

% find /c/Program\ Files/Microsoft* /c/Program\ Files\ \(x86\)/Microsoft* -type 
f -iname "*bufferoverflow*"
/c/Program Files (x86)/Microsoft SDKs/Windows/v5.0/Lib/IA64/bufferoverflowu.lib
/c/Program Files (x86)/Microsoft Visual Studio 
8/VC/PlatformSDK/Lib/AMD64/bufferoverflowu.lib
/c/Program Files (x86)/Microsoft Visual Studio 
8/VC/PlatformSDK/Lib/bufferoverflowu.lib

If you're building with Visual Studio 2005 or above, the VC CRT includes all 
the necessary symbols to support /GS (i.e. __security_check_cookie) such that 
linking with bufferoverflowu.lib isn't required.  In VS 2008 and Platform SDKs 
6.0a and 6.1, bufferoverflowu.lib isn't even distributed anymore, so attempting 
to build in this environment with Configure's output for 'VC-WIN64[IA]' will 
fail, as it did for me.

There's a relevant discussion about the issue at 
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=72235&SiteID=1.  
Providing the following in a header somewhere is probably the most suitable 
option, otherwise the Perl build framework would need to be modified to 
correctly detect which VC or PSDK environment is being used:

#if _MSC_FULL_VER > 140000000 && _MSC_FULL_VER <= 140040310
#pragma comment(lib,"bufferoverflowU.lib")
#endif

Again, all of this is moot if /GS isn't added as a CFLAG ;-)

Regards,

    Trent.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to