
Re: [Bacula-devel] "buffer overflow detected" error on fedora distributions.


On Tuesday 29 January 2008 08.12:45 Michael Lausch wrote:
> On Mon, 2008-01-28 at 19:43 -0500, Dan Langille wrote:
> > Michael Lausch wrote:
> > > The error is due to the new (well ~ core 5) buffer overflow checking
> > > implemented by gcc and glibc. _FORTIFY_SOURCE=2  activates it. what
> > > happens can be read in detail at
> > > http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html. but basically
> > > the error is a buffer overflow check in parse.c in the bacula library.
> >
> > parse.c?  I can't find any parse.c in bacula.
>
> sorry, typo it is src/lib/parse_conf.c
>
>
> [deleted]
>
> > As previously mentioned, if this is a Fedora specific issue, how can the
> > Bacula project help?
>
> fix the bug? or at least accept patches which fix this bug?
> And it's not a fedora issue, it's a  redhat (and therefore CentOS)
> issue. See
> http://people.redhat.com/jmorris/slides/dw-RedhatSecurity.pdf

I would recommend that you file a bug report against RedHat.  Their code is 
broken.  I am using memset() which works on a given number of bytes, and they 
should not be mucking around aborting a program just because *they* think the 
size is incorrect.

The one thing you might try before sending a bug report is to change the 
memset from:

  memset(&res_all, 0, res_all_size);

to

  memset((char *)&res_all, 0, res_all_size);

I could see that one could make an argument for detecting an overrun in the 
first case, but in the second case, if they abort the program, then it is 
just plain wrong.

Best regards,

Kern

PS: if you turn on FORTIFY_SOURCE I suspect that you will run into a number of 
other unexpected problems.  FORTIFY_SOURCE is not something we use in 
testing, thus you take your chances ...




>
> To fix this bug/wart the res_all definition has to be changed to
> extern CURES *res_all;
> from
> extern CURES res_all;
> and of course fix memory allocation/deallocation and change access to
> struct members from "res_all.x" to "res_all->x".
>
> > In short, we're willing to help, but at present, we have absolutely no
> > idea what you're talking about.  :)
>
> I'm talking about the error messages like:
> http://www.nabble.com/bug-:-Bacula-2.2.7-on-Fedora-8-crashing-with-buffer-overflow!-p14699739.html
> http://www.nabble.com/Re:-bacula-2.2.8-rpm-release-(Kaboom!-on-Fedora-8)-p15123573.html
> http://www.mail-archive.com/bacula-users@xxxxxxxxxxxxxxxxxxxxx/msg28829.html
>
>
>
>
>



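Added example, not part of the original message and not Bacula's code: a C sketch of the size comparison that `_FORTIFY_SOURCE=2` attaches to `memset`, applied to the three forms discussed in the thread (the declared object, the `(char *)` cast, and the pointer). The union layouts, `res_all_ptr`, `checked_memset` and `FORTIFIED_MEMSET` are assumptions for illustration, and it assumes the library's declared `CURES` type is smaller than `res_all_size`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layouts: assumed library-side view (small) ... */
typedef union { char hdr[32]; } CURES;
/* ... and an assumed daemon-side layout that is larger. */
typedef union { char hdr[32]; char director[256]; } DAEMON_RES;

CURES res_all;                          /* object form, as declared in the thread */
CURES *res_all_ptr;                     /* hypothetical name for the pointer form */
int res_all_size = sizeof(DAEMON_RES);  /* size the caller asks memset to clear */

/* Same comparison glibc's __memset_chk makes, returning -1 where it would abort. */
static int checked_memset(void *dst, int c, size_t len, size_t objsize)
{
    if (objsize < len)
        return -1;
    memset(dst, c, len);
    return 0;
}

/* The compiler supplies the destination size it can prove, or (size_t)-1. */
#define FORTIFIED_MEMSET(dst, c, len) \
    checked_memset((dst), (c), (len), __builtin_object_size((dst), 0))

int clear_declared_object(void)   /* size known from the declared type */
{
    return FORTIFIED_MEMSET(&res_all, 0, (size_t)res_all_size);
}

int clear_with_char_cast(void)    /* the cast does not change the pointed-to object */
{
    return FORTIFIED_MEMSET((char *)&res_all, 0, (size_t)res_all_size);
}

int clear_through_pointer(void)   /* heap storage sized at run time passes the check */
{
    free(res_all_ptr);
    res_all_ptr = malloc((size_t)res_all_size);
    if (res_all_ptr == NULL)
        return -2;
    return FORTIFIED_MEMSET(res_all_ptr, 0, (size_t)res_all_size);
}

int main(void)
{
    printf("object=%d cast=%d pointer=%d\n", clear_declared_object(),
           clear_with_char_cast(), clear_through_pointer());
    return 0;
}
```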

