Gentoo's Bugzilla – Attachment 36377 Details for Bug 58633 "Stack smashing attack in if_readlist_proc()" from ifconfig
gdb results on modified ifconfig with local declaration outside while loop - ultimately "fixes" the smash
gdb2.log (text/plain), 4.48 KB, created by Kevin F. Quinn (RETIRED) on 2004-07-28 23:03:09 UTC
>GNU gdb 6.0
>Copyright 2003 Free Software Foundation, Inc.
>GDB is free software, covered by the GNU General Public License, and you are
>welcome to change it and/or distribute copies of it under certain conditions.
>Type "show copying" to see the conditions.
>There is absolutely no warranty for GDB. Type "show warranty" for details.
>This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".
>
>(gdb) run
>Starting program: /var/tmp/portage/net-tools-1.60-r8/work/net-tools-1.60/ifconfig
>ifconfig: stack smashing attack in function if_readlist_rep()
>
>Program received signal SIGABRT, Aborted.
>0x0805c8b1 in kill ()
>(gdb) bt full
>#0 0x0805c8b1 in kill ()
>No symbol table info available.
>#1 0x08055453 in __stack_smash_handler ()
>No symbol table info available.
>#2 0x0804fc34 in if_readlist_rep (target=0x80d17c0 "eth_dockh", ife=0x80d17b8)
> at interface.c:415
> fh = (FILE *) 0x80d1318
> buf = "eth_dockh:39435796 27654 0 0 0 0 0 0 1507948 13569 0 0 0 0 0 0\n\000\000H\031\r\bH\000\000\000Í\003\000\000 ÿ\f\b`í\f\b ÿ\f\b ÿ\f\b|ïÿ¿)q\006\b ÿ\f\bÀ\003\000\000\230ïÿ¿`í\f\bÀ\003\000\000\000\000\000\000°ïÿ¿`s\006\bÀ\003\000\000"...
> err = 0
>#3 0x0804f156 in for_all_interfaces (doit=0x80505a3 <do_if_print>,
> cookie=0x80cf0c0) at interface.c:137
> ife = (struct interface *) 0x80d17b8
> err = 0
>#4 0x0804829b in if_print (ifname=0x0) at ifconfig.c:111
> res = 135054224
>#5 0x08048b0b in main (argc=0, argv=0xbffff578) at ifconfig.c:296
> err = 134639813
> sa = {sa_family = 5,
> sa_data = "\000\000 ü\f\b\004\000\000\000PP\005\b"}
> sin = {sin_family = 60768, sin_port = 2060, sin_addr = {s_addr = 0},
> sin_zero = "Uâ\006\b\201Q\005\b"}
> host = "\000\000\000\000`í\f\bû@\f\bP\020\r\bÄòÿ¿UÏ\t\b\200\002", '\0' <repeats 22 times>, "Un\f\b\200\f\r\b(\000\000\000\n\000\000\000ÿÏ\005\bN{\v\b\000\000\000\000\000\000\000\000LD\000\000\016\000\000\000`í\f\b\034\f\r\b\000\000\000\000øòÿ¿nc\a\bî\201\004\b\000\000\000\000\000\000\000\000²öÿ¿º\036\v\b"
> ap = (struct aftype *) 0x11
> hw = (struct hwtype *) 0x10
> ifr = {ifr_ifrn = {ifrn_name = " ÿ\f\b`í\f\b ÿ\f\b ÿ\f\b"},
> ifr_ifru = {ifru_addr = {sa_family = 62064,
> sa_data = "ÿ¿)q\006\b ÿ\f\b\200\002\000"}, ifru_dstaddr = {
> sa_family = 62064, sa_data = "ÿ¿)q\006\b ÿ\f\b\200\002\000"},
> ifru_broadaddr = {sa_family = 62064,
> sa_data = "ÿ¿)q\006\b ÿ\f\b\200\002\000"}, ifru_netmask = {
> sa_family = 62064, sa_data = "ÿ¿)q\006\b ÿ\f\b\200\002\000"},
> ifru_hwaddr = {sa_family = 62064,
> sa_data = "ÿ¿)q\006\b ÿ\f\b\200\002\000"}, ifru_flags = -3472,
> ifru_ivalue = -1073745296, ifru_mtu = -1073745296, ifru_map = {
> mem_start = 3221222000, mem_end = 134639913, base_addr = 65440,
> irq = 12 '\f', dma = 8 '\b', port = 128 '\200'},
> ifru_slave = "pòÿ¿)q\006\b ÿ\f\b\200\002\000",
> ifru_newname = "pòÿ¿)q\006\b ÿ\f\b\200\002\000",
> ifru_data = 0xbffff270 "Äòÿ¿UÏ\t\b\200\002"}}
> goterr = 0
> didnetmask = 0
> spp = (char **) 0x80ced60
> fd = 0
> sa6 = {sin6_family = 65532, sin6_port = 2060,
> sin6_flowinfo = 135069600, sin6_addr = {in6_u = {
> u6_addr8 = " ÿ\f\b\211\002\000\000!\r\002\000X\020\r\b", u6_addr16 = {
> 65440, 2060, 649, 0, 3361, 2, 4184, 2061}, u6_addr32 = {135069600,
> 649, 134433, 135073880}}}, sin6_scope_id = 67}
> ifr6 = {ifr6_addr = {in6_u = {
> u6_addr8 = "©\017\002\000H\020\r\b\003\000\000\000a~\006\b",
> u6_addr16 = {4009, 2, 4168, 2061, 3, 0, 32353, 2054}, u6_addr32 = {
> 135081, 135073864, 3, 134643297}}}, ifr6_prefixlen = 135069600,
> ifr6_ifindex = 135064928}
> prefix_len = 134643297
> cp = 0x10 <Address 0x10 out of bounds>
>(gdb) info registers
>eax 0x0 0
>ecx 0x6 6
>edx 0x80ced60 135064928
>ebx 0x6e63 28259
>esp 0xbfffea5c 0xbfffea5c
>ebp 0xbfffee78 0xbfffee78
>esi 0xbfffeb20 -1073747168
>edi 0x0 0
>eip 0x805c8b1 0x805c8b1
>eflags 0x200296 2097814
>cs 0x73 115
>ss 0x7b 123
>ds 0x7b 123
>es 0x7b 123
>fs 0x0 0
>gs 0x0 0
>(gdb) x/8i $pc
>0x805c8b1 <kill+17>: mov %edx,%ebx
>0x805c8b3 <kill+19>: cmp $0xfffff001,%eax
>0x805c8b8 <kill+24>: jae 0x805c8bb <kill+27>
>0x805c8ba <kill+26>: ret
>0x805c8bb <kill+27>: push %ebx
>0x805c8bc <kill+28>: call 0x804824b <__i686.get_pc_thunk.bx>
>0x805c8c1 <kill+33>: add $0x7249f,%ebx
>0x805c8c7 <kill+39>: xor %edx,%edx
>(gdb) e quit
>The program is running. Exit anyway? (y or n)