Bug 118097 - net-misc/curl -self tests fail on hardened
Summary: net-misc/curl -self tests fail on hardened
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-06 13:58 UTC by Michal Suchanek
Modified: 2007-04-29 12:50 UTC

See Also:
Package list:
Runtime testing required: ---


Description Michal Suchanek 2006-01-06 13:58:45 UTC
There is stack smashing reported in tests 253 and 255.

22:54:35.511705 * About to connect() to ::1 port 8996
22:54:35.512283 *   Trying ::1... connected
22:54:35.512973 * Connected to ::1 (::1) port 8996
22:54:35.585913 < 220-        _   _ ____  _     
22:54:35.586727 < 220-    ___| | | |  _ \| |    
22:54:35.587491 < 220-   / __| | | | |_) | |    
22:54:35.588255 < 220-  | (__| |_| |  _ <| |___ 
22:54:35.589022 < 220    \___|\___/|_| \_\_____|
22:54:35.589578 > USER anonymous
22:54:35.592065 < 331 We are happy you popped in!
22:54:35.592666 > PASS curl_by_daniel@haxx.se
22:54:35.594148 < 230 Welcome you silly person
22:54:35.594499 > PWD
22:54:35.595905 < 257 "/nowhere/anywhere" is current directory
22:54:35.596115 * Entry path is '/nowhere/anywhere'
22:54:35.596599 > EPRT |2|::1|33075|
22:54:35.598069 < 200 Thanks for dropping by. We contact you later
22:54:35.598277 * Connect data stream actively
22:54:35.598594 > TYPE A
22:54:35.605998 < 200 I modify TYPE as you wanted
22:54:35.606352 > LIST
22:54:35.607714 < 150 here comes a directory
22:54:35.607974 * Connection accepted from server
lt-curl: stack smashing attack in function AllowServerConnect()


Portage 2.0.51.22-r3 (default-linux/x86/2005.1, gcc-3.4.4, glibc-2.3.5-r2, 2.6.14-gentoo-r2-src i686)
=================================================================
System uname: 2.6.14-gentoo-r2-src i686 AMD Athlon(tm) XP 1800+
Gentoo Base System version 1.6.13
ccache version 2.3 [enabled]
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -mfpmath=sse -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -mfpmath=sse -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks maketest nostrip sandbox sfperms strict test"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="en_US.UTF-8"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 3dnow X a52 aac acpi aim alsa audiofile avi bcmath berkdb bitmap-fonts bzip2 caps cdb cdparanoia cdr cpdflib crypt cscope ctype cups curl dbus dbx debug dedicated dga dio dlloader doc dri dts dv dvb dvd dvdr dvdread eds emboss encode ethereal examples exif expat fam fbcon ffmpeg flac flash flatfile foomaticdb fortran ftp gb gcj gd gdbm ggi gif ginac glut gmp gnutls gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal hardened howl iconv icq idn ieee1394 imagemagick imap imlib inifile ipv6 jabber javascript jpeg kdexdeltas kerberos lcms ldap libg++ libwww lm_sensors lua mad maildir matroska matrox mbox mikmod mime ming mmap mmx mng motif mozilla mp3 mpeg msn nas ncurses nls nptl nptlonly nsplugin offensive ogg oggvorbis openal opengl osc oscar oss pam pcntl pcre pdflib perl png ppds python quicktime readline recode ruby samba sasl sdl session sharedmem shorten skey slp sndfile snmp sockets sox speex spell sqlite sse ssl svg sysvipc tcltk tcpd test tetex theora threads tidy tiff truetype truetype-fonts type1-fonts udev unicode usb userlocales v4l vcd videos vorbis wifi wmf xface xml xml2 xmms xosd xpm xprint xv xvid yahoo zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Comment 1 Michal Suchanek 2006-01-06 14:01:18 UTC
curl version 7.15.1
Comment 2 Daniel Black (RETIRED) gentoo-dev 2006-12-08 21:48:44 UTC
********* System characteristics ********
* curl 7.15.1 (i686-pc-linux-gnu)
* libcurl/7.15.1 GnuTLS/1.4.4 zlib/1.2.3 libidn/0.5.15
* Features: IDN IPv6 Largefile SSL libz
* Host: spider
* System: Linux spider 2.6.16-hardened-r11 #6 Fri Sep 8 21:57:13 EST 2006 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
* Server SSL:     OFF
* libcurl SSL:    ON
* libcurl debug:  OFF
* valgrind:       OFF
* HTTP IPv6       ON
* FTP IPv6        ON
* HTTP port:      8990
* FTP port:       8992
* FTP port 2:     8995
* HTTP IPv6 port: 8994
* FTP IPv6 port:  8996
* TFTP port:      8997
* SSL library:    GnuTLS

Confirmed on:
curl-7.15.1-r1
curl-7.15.3
curl-7.15.5

curl-7.16.0 (failed once on test 252 but was unable to replicate)


USE="ssl ipv6 ldap ares gnutls idn kerberos krb4 test"
# emerge --info
Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r4, 2.6.16-hardened-r11 i686)
=================================================================
System uname: 2.6.16-hardened-r11 i686 Pentium III (Coppermine)
Gentoo Base System version 1.12.6
Last Sync: Fri, 08 Dec 2006 18:20:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.3.5, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O2 -pipe"

Does curl-7.16.0 work for you?
Note php has a bug with curl - see bug 157560
Comment 3 Kevin F. Quinn (RETIRED) gentoo-dev 2007-03-19 23:08:37 UTC
(In reply to comment #0)
> Portage 2.0.51.22-r3 (default-linux/x86/2005.1, gcc-3.4.4, glibc-2.3.5-r2,
> 2.6.14-gentoo-r2-src i686)

I would suggest that the gcc version is probably the difference.  The recommendation has to be to try with gcc-3.4.6-r2 (especially as it seems to be fine with that from dragonheart's tests).

Another possibility is that the ipv6 tests (which are what 253 and 255 are) cause curl to call something from a shared library that caused the smash.  Note that the function reported by the glibc-2.3 stack smash handler is the function that was smashed - the function that did the smashing was one called by the reported function (and so could be in a shared library).  The advice remains the same, however - update to gcc-3.4.6-r2, but rebuild the dependencies with it as well.
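The point made in comment 3 about which function the handler names is easy to see in a small model. The following is an added illustration written for this page, not code from curl, glibc or this bug. It replaces gcc's -fstack-protector with a hand-rolled guard word placed after a buffer, so that the check can return a value instead of aborting; the names owner_call() and helper_fill() are hypothetical stand-ins for AllowServerConnect() and whatever routine it called, and the canary value and the 24-byte payload are constructed for the demo.

```c
/* Added example: why a stack-smash report names the buffer's owner, not the
 * function that overflowed it. Not from curl or glibc; names are stand-ins. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define CANARY_SIZE sizeof(uint64_t)

/* Constructed guard value; the real protector picks one at process start. */
static const uint64_t CANARY_VALUE = 0x1e2d3c4b5a697887ULL;

/* One simulated stack frame: the owner's buffer followed by the guard, the
 * layout -fstack-protector uses. Keeping both inside one array keeps every
 * write within a single object, so the demo is well-defined C rather than
 * real memory corruption. */
struct frame {
    unsigned char mem[BUF_SIZE + CANARY_SIZE];
};

static void frame_init(struct frame *f)
{
    memset(f->mem, 0, sizeof f->mem);
    memcpy(f->mem + BUF_SIZE, &CANARY_VALUE, CANARY_SIZE);
}

static int frame_canary_intact(const struct frame *f)
{
    uint64_t seen;
    memcpy(&seen, f->mem + BUF_SIZE, CANARY_SIZE);
    return seen == CANARY_VALUE;
}

/* Stand-in for a helper in a shared library. It trusts the caller's claim of
 * how large `dst` is and never sees the guard, so it returns normally even
 * when it has just clobbered the canary. This is the function that smashes. */
static void helper_fill(unsigned char *dst, size_t claimed_size,
                        const unsigned char *src, size_t len)
{
    if (len > claimed_size)
        len = claimed_size;
    memcpy(dst, src, len);
}

/* Stand-in for the buffer's owner (the AllowServerConnect() of the report).
 * The guard is checked here, as the owner is about to return, so the owner
 * is the function the handler names. Returns 1 if the canary survived. */
static int owner_call(size_t claimed_size, const unsigned char *src, size_t len)
{
    struct frame f;
    frame_init(&f);
    helper_fill(f.mem, claimed_size, src, len);
    return frame_canary_intact(&f);
}

static int run_case(size_t claimed_size)
{
    unsigned char payload[BUF_SIZE + CANARY_SIZE]; /* constructed: 24 x 'A' */
    memset(payload, 'A', sizeof payload);
    return owner_call(claimed_size, payload, sizeof payload);
}

/* Owner states its buffer size correctly: the copy is truncated, guard intact. */
int demo_correct_claim(void) { return run_case(BUF_SIZE); }

/* Owner over-states its buffer by 8 bytes: the helper writes through the guard
 * and returns without noticing; only the owner's check catches it. */
int demo_overclaimed(void) { return run_case(BUF_SIZE + 8); }

/* The message the checker would emit: it names the owner, never the helper. */
const char *report(int canary_ok)
{
    return canary_ok ? "ok"
                     : "stack smashing detected in function owner_call()";
}

int main(void)
{
    printf("correct claim: %s\n", report(demo_correct_claim()));
    printf("overclaimed:   %s\n", report(demo_overclaimed()));
    return 0;
}
```

Build with `cc -o canary_demo canary_demo.c` and run it; the second line names owner_call() although helper_fill() did the writing. Against a real binary the same reasoning applies: start from the callees of the reported function, including the ones that live in shared libraries, which is why comment 3 recommends rebuilding the dependencies with the same compiler rather than curl alone.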

Comment 4 Christian Heim (RETIRED) gentoo-dev 2007-04-29 12:50:03 UTC
curl-7.15.1 works for me. If you still have this issue after upgrading your gcc (and recompiling curl with that version of gcc), please reopen this bug.