Bug 55186 - Running net-misc/gip on hardened-x86 gives stack smashing error
Summary: Running net-misc/gip on hardened-x86 gives stack smashing error
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Hardened Gentoo
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-25 13:55 UTC by Rumen Yotov
Modified: 2004-06-26 07:40 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch to src/lib_ipv4.c to fix this bug (lib_ipv4.c.stack-smashing_patch,935 bytes, patch)
2004-06-26 06:12 UTC, Josh Glover (RETIRED)

Description Rumen Yotov 2004-06-25 13:55:59 UTC
> Saw an app called gip (net-misc/gip) and emerged it.
> Description: a nice GNOME GUI for making IP address based calculations.
> But when trying to run it was stopped by PaX, see:
> ...CUT...
> $gip
> gip: stack smashing attack in function short int ipv4_ip2integer(const
> char*, unsigned int*)()

it's not PaX but SSP (stack smashing protector).

> Maybe it's a bug or something else.
> Should i file a bug on it.

it's a bug and you should file a bug, preferably upstream. the problem
is that the call to regexp_match_grab() will fill in the matches array,
except it's too small because there's no room for the NULL terminator
(the regexp will match the 4 octets of the IP address, so the array
should have 4+1 elements, not 4).
PS: using strace on gip freezes my computer hard.


Reproducible: Always
Steps to Reproduce:
1.
2.
3.
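The off-by-one described above, as an added example that is not gip's code: a hypothetical grab_octets() stands in for regexp_match_grab(), writing one pointer per matched octet plus a NULL terminator, and the caller declares the array with the 1+4 size from the fix. The extra cap parameter is an assumption made here so the helper can refuse an undersized array instead of overrunning it.

```c
#include <stdlib.h>
#include <string.h>

#define IPV4_OCTETS 4

/* Hypothetical stand-in for a regexp_match_grab()-style helper (not gip's
 * code): one pointer per matched octet goes into out[], then a NULL
 * terminator, so 4 matched octets need 4 + 1 slots.  'cap' is the caller's
 * real array size; the original helper had no such parameter, which is why
 * the too-small array only surfaced as an SSP abort at run time. */
int grab_octets(const char *ip, char *scratch, size_t scratch_len,
                char **out, size_t cap)
{
    size_t n = 0;
    if (strlen(ip) >= scratch_len)
        return -1;
    strcpy(scratch, ip);                   /* strtok needs a writable copy */
    for (char *p = strtok(scratch, "."); p; p = strtok(NULL, ".")) {
        if (n + 1 >= cap)                  /* slot for p plus one for NULL */
            return -1;                     /* would overrun out[]: refuse */
        out[n++] = p;
    }
    if (n != IPV4_OCTETS)
        return -1;
    out[n] = NULL;                         /* the +1 slot the bug forgot */
    return (int)n;
}

/* Parse dotted-quad text into a 32-bit host-order integer; 0 on success.
 * Declares the matches array with the corrected 1+4 size from this bug. */
int ipv4_ip2integer(const char *ip, unsigned int *result)
{
    char scratch[16];
    char *matches[1 + IPV4_OCTETS];        /* was [IPV4_OCTETS] before the fix */
    unsigned int value = 0;
    if (grab_octets(ip, scratch, sizeof scratch, matches,
                    sizeof matches / sizeof matches[0]) != IPV4_OCTETS)
        return -1;
    for (size_t i = 0; matches[i] != NULL; i++) {
        char *end;
        unsigned long octet = strtoul(matches[i], &end, 10);
        if (end == matches[i] || *end != '\0' || octet > 255)
            return -1;                     /* non-numeric or out of range */
        value = (value << 8) | (unsigned int)octet;
    }
    *result = value;
    return 0;
}
```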
Comment 1 solar (RETIRED) gentoo-dev 2004-06-25 14:18:02 UTC
Rumen,

Thanks for catching this.
I've never used this software and it has more deps than I'm willing to install.
Could you please attach a patch with the corrected buffer sizes?
Comment 2 solar (RETIRED) gentoo-dev 2004-06-25 15:11:24 UTC
Taking a slightly closer look, this thing was designed rather poorly and there are other places where this same problem will exist.

Can you try appending this function to the .ebuild and tell us if it solves the problem at hand for you?

src_unpack() {
    unpack ${A}
    # Make every "char *matches[N]" in lib_ipv4.c one element larger
    # so the NULL terminator written by regexp_match_grab() fits.
    sed -i -e 's/\*matches\[/*matches[1+/g' "${S}"/src/lib_ipv4.c
}
Comment 3 Rumen Yotov 2004-06-25 21:40:30 UTC
Hi,
Applied the patch at comment #2: problem solved.
Thanks.
Rumen
Comment 4 Josh Glover (RETIRED) gentoo-dev 2004-06-26 06:12:14 UTC
Created attachment 34190 [details, diff]
Patch to src/lib_ipv4.c to fix this bug
Comment 5 Josh Glover (RETIRED) gentoo-dev 2004-06-26 06:18:58 UTC
I have applied this fix to the ebuild over on Bug #55055 and committed it to CVS. I have also sent the attached patch (attachment #34190 [details, diff]), which was generated by running solar's sed command, upstream. The upstream author got back to me in a day when I emailed him to tell him that Gip was in Portage, so I expect a speedy response here, as well. :)

Rumen, thank you very much for the quick response!
Solar, thanks for the fix!

Closing this bug.
Comment 6 Josh Glover (RETIRED) gentoo-dev 2004-06-26 07:40:38 UTC
Upstream has accepted the patch for the next release. Good work, guys! :)