LANG=C readelf -sW tftp | grep _chk
3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __longjmp_...@glibc_2.11 (3)
5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __fprintf_...@glibc_2.3.4 (4)
10: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_...@glibc_2.3.4 (4)
15: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __memcpy_...@glibc_2.3.4 (4)
27: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __strcpy_...@glibc_2.3.4 (4)
32: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_f...@glibc_2.4 (6)
buffer overflow likely came from memcpy or strcpy:
$ grep memcpy *
main.c: memcpy(&s_inn, ai->ai_addr, ai->ai_addrlen);
main.c: memcpy(&s_inn, ai->ai_addr, ai->ai_addrlen);
main.c: memcpy(&s_inn, ai->ai_addr, ai->ai_addrlen);
tftp.c: memcpy(&from, &s_inn, sizeof(from));
tftp.c: memcpy(&from, &s_inn, sizeof(from));
$ grep strcpy *
main.c: strcpy(mode, "netascii");
main.c: strcpy(line, "Connect ");
main.c: strcpy(mode, newmode);
main.c: strcpy(line, "send ");
main.c: strcpy(ccp, tail(argv[n]));
main.c: strcpy(line, "get ");
main.c: strcpy(line, "Rexmt-timeout ");
main.c: strcpy(line, "Maximum-timeout ");
tftp.c: strcpy(cp, name);
tftp.c: strcpy(cp, mode);
tftp.c: strcpy(tp->th_msg, pe->e_msg);
--
tftp assert failure: *** buffer overflow detected ***: tftp terminated
https://bugs.launchpad.net/bugs/672325
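
An added triage sketch, not part of the original bug comment or of the tftp source: it takes the call sites from the grep output above and keeps those whose copy length is not fixed at the call site by a string literal or by sizeof of the destination, which are the ones to read first. The heuristic and the names split_args and review_first are assumptions of this example; a flagged call is a candidate for review, not a confirmed overflow.

```python
import re

# Call sites copied from the grep output above, duplicates dropped.
CALLS = """\
main.c: memcpy(&s_inn, ai->ai_addr, ai->ai_addrlen);
tftp.c: memcpy(&from, &s_inn, sizeof(from));
main.c: strcpy(mode, "netascii");
main.c: strcpy(line, "Connect ");
main.c: strcpy(mode, newmode);
main.c: strcpy(line, "send ");
main.c: strcpy(ccp, tail(argv[n]));
main.c: strcpy(line, "get ");
main.c: strcpy(line, "Rexmt-timeout ");
main.c: strcpy(line, "Maximum-timeout ");
tftp.c: strcpy(cp, name);
tftp.c: strcpy(cp, mode);
tftp.c: strcpy(tp->th_msg, pe->e_msg);
"""
CALL_RE = re.compile(r"^(\S+):\s*(memcpy|strcpy)\((.*)\);\s*$")

def split_args(text):
    """Split a C argument list on top-level commas (no commas inside literals here)."""
    args, depth, cur = [], 0, ""
    for ch in text:
        if ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
            continue
        depth += (ch in "([") - (ch in ")]")
        cur += ch
    return args + [cur.strip()]

def review_first(listing):
    """Return (file, call) pairs whose copy length is not fixed at the call site."""
    flagged = []
    for m in filter(None, map(CALL_RE.match, listing.splitlines())):
        path, func, args = m.group(1), m.group(2), split_args(m.group(3))
        if func == "strcpy":
            fixed = args[1].startswith('"')  # literal source: length known at compile time
        else:
            dest = args[0].lstrip("&")       # memcpy: is the size sizeof(destination)?
            fixed = args[2].replace(" ", "") == f"sizeof({dest})"
        if not fixed:
            flagged.append((path, f"{func}({', '.join(args)})"))
    return flagged

if __name__ == "__main__":
    for path, call in review_first(CALLS):
        print(f"{path}: {call}")
```

For each flagged call, the next step is to compare the declared size of the destination with the largest value the source can take.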