Bug 138873 - libextractor: stack smashing attack in function main()
Summary: libextractor: stack smashing attack in function main()
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library (show other bugs)
Hardware: x86 Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-02 09:09 UTC by Santiago Lopez
Modified: 2006-07-02 11:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Santiago Lopez 2006-07-02 09:09:34 UTC
(hardened USE flag enabled)

# emerge libextractor

(...)

i686-pc-linux-gnu-gcc -fno-strict-aliasing -march=athlon -O3 -pipe -m3dnow -msse -mmmx -o dictionary-builder dictionary-builder.o
./dictionary-builder ./da da > da.c
dictionary-builder: stack smashing attack in function main()
/bin/sh: line 1: 15002 Abortado                ./dictionary-builder ./da da >da.c
make[3]: *** [da.c] Error 134
make[3]: Leaving directory `/var/tmp/portage/libextractor-0.5.14/work/libextractor-0.5.14/src/plugins/printable'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/var/tmp/portage/libextractor-0.5.14/work/libextractor-0.5.14/src/plugins'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/libextractor-0.5.14/work/libextractor-0.5.14/src'
make: *** [all-recursive] Error 1

!!! ERROR: media-libs/libextractor-0.5.14 failed.
Call stack:
  ebuild.sh, line 1539:   Called dyn_compile
  ebuild.sh, line 939:   Called src_compile
  libextractor-0.5.14.ebuild, line 29:   Called die






# emerge --info

Portage 2.1-r1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.11-gentoo-r11 i686)
=================================================================
System uname: 2.6.11-gentoo-r11 i686 AMD Sempron(tm) 2600+
Gentoo Base System version 1.6.15
ccache version 2.3 [enabled]
dev-lang/python:     2.3.5-r2, 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon -O3 -pipe -m3dnow -msse -mmmx"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-march=athlon -O3 -pipe -m3dnow -msse -mmmx"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks loadpolicy metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://mir.zyrianes.net/gentoo/ http://pandemonium.tiscali.de/pub/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/"
LANG="es_ES@euro"
LC_ALL="es_ES@euro"
LINGUAS="es"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowext acpi apache2 bash-completion caps cli crypt cups dlloader dri exiscan-acl foomaticdb ftp gif gnutls hardened imap imlib innodb isdnlog jpeg latin1 libwww lm_sensors login-watch mmx mmxext mounts-check ncurses nis nls nptl nptlonly pam pcre perl png pppd python qmail qt3 qt4 readline reflection sasl session spl ssl suidcheck symlink threads truetype unicode userlocales utf8 vhosts vorbis xml xorg zlib elibc_glibc input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux linguas_es userland_GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 1 schaedpq 2006-07-02 09:56:18 UTC
Mhmmm. That works without problems on my system, but I am using the hardened profile and not the default profile with 'hardened' manually set.

# emerge --info
Portage 2.1.1_pre1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r4, 2.6.14-hardened-r8 i686)
=================================================================
System uname: 2.6.14-hardened-r8 i686 AMD Athlon(tm) 64 Processor 3500+
Gentoo Base System version 1.6.14
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/gcc-config: 1.3.13-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-mtune=athlon64 -march=athlon64 -O2 -pipe -Wall -ggdb3"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/postfix/sample /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-mtune=athlon64 -march=athlon64 -O2 -pipe -Wall -ggdb3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror"
LINGUAS="de"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://linux.rz.ruhr-uni-bochum.de/gentoo-portage"
USE="3dnow 3dnowext X a52 acpi alsa ash-completion berkdb bitmap-fonts cdparanoia crypt cups dga dlloader dri dv dvd dvdr dvdread encode font-server glx gtk gtk2 hardened imap isdnlog jabber kde kdeenablefinal live lzo mad matrox mbox mime mjpeg mmx mmxext mozcalendar mozsvg mp3 mpeg mplayer musicbrainz network nls nodrm nptl nptlonly nsplugin offensive ogg opengl pam pam_timestamp pdf pic png quicktime readline real sftplogging sse ssl tcpd theora truetype truetype-fonts type1 type1-fonts userlocales v4l v4l2 vorbis win32codecs x86 xmms xorg xprint xv zlib elibc_glibc input_devices_mouse input_devices_keyboard kernel_linux linguas_de userland_GNU video_cards_nv"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 2 Santiago Lopez 2006-07-02 11:45:23 UTC
Oops, it was my fault. I used -O3 and hardened gcc.

Compiling with the -O2 option, it works.