Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 329039

Summary: net-libs/openslp-1.2.1-r1 has buffer overflow with memcpy() on 64-bit architectures
Product: Gentoo Linux Reporter: SpanKY <vapier>
Component: Current packagesAssignee: Printing Team <printing>
Severity: normal CC: enviouzproductionz07, m.debruijne
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 259417    
Attachments: memcpy should copy sizeof(struct in_addr) not sizeof(addr)

Description SpanKY gentoo-dev 2010-07-20 03:03:40 UTC
if x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../common -I../libslpattr -I. -I../libslp -DETCDIR=\"/etc\"  -DVARDIR=\"/var\"  -DCPPFLAGS_TEST  -DNDEBUG -D_REENTRANT=1 -O2 -march=k8 -pipe -g -Wimplicit-function-declaration -DLINUX -Wall -O3 -MT slpd_socket.o -MD -MP -MF ".deps/slpd_socket.Tpo" -c -o slpd_socket.o slpd_socket.c; \
        then mv -f ".deps/slpd_socket.Tpo" ".deps/slpd_socket.Po"; else rm -f ".deps/slpd_socket.Tpo"; exit 1; fi
In file included from /usr/include/string.h:640:0,
                 from slpd_unistd.h:56,
                 from slpd.h:62,
                 from slpd_socket.h:53,
                 from slpd_socket.c:53:
In function ‘memcpy’,
    inlined from ‘DropSLPMulticastGroup’ at slpd_socket.c:186:11:
/usr/include/bits/string3.h:52:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer

Portage 2.2_rc67 (default/linux/amd64/10.0/developer, gcc-4.5.0, glibc-2.11.2-r0, 2.6.34 x86_64)
System uname: Linux-2.6.34-x86_64-AMD_Phenom-tm-_II_X4_945_Processor-with-gentoo-2.0.1
Timestamp of tree: Sun, 18 Jul 2010 04:15:03 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p7
dev-lang/python:     2.4.6, 2.6.5-r3, 3.1.2-r4
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.1-r1
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.13, 2.65-r1
sys-devel/automake:  1.4_p6-r1, 1.5-r1, 1.6.3-r1, 1.7.9-r2, 1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:, 2.16-r1, 2.16.1, 2.16.1-r3,,,,,,,,, 2.16.92, 2.16.93, 2.16.94, 2.17-r1,,,,,,,,,,,,,,,,,, 2.18-r2,,,,,,,,,, 2.19, 2.19.1-r1,,,,,,,,,,,, 2.20, 2.20.1-r1,,,,,,,,,
sys-devel/gcc:, 3.3.6-r1,, 3.4.4-r1, 3.4.5-r1, 3.4.6-r2, 4.0.0, 4.0.1, 4.0.2-r3, 4.0.3, 4.0.4, 4.1.0-r1, 4.1.1-r3, 4.1.2, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4-r1, 4.3.0, 4.3.1-r1, 4.3.2-r4, 4.3.3-r2, 4.3.4, 4.3.5, 4.4.0-r1, 4.4.1, 4.4.2, 4.4.3-r3, 4.4.4-r1, 4.5.0
sys-devel/gcc-config: 1.5
sys-devel/libtool:   2.2.10
virtual/os-headers:  2.6.34
ACCEPT_KEYWORDS="amd64 ~amd64"
CFLAGS="-O2 -march=k8 -pipe -g -Wimplicit-function-declaration"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=k8 -pipe -g"
FEATURES="assume-digests buildsyspkg ccache collision-protect cvs distlocks fixpackages multilib-strict news noinfo parallel-fetch preserve-libs protect-owned sandbox sfperms sign splitdebug stricter test-fail-continue unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
LDFLAGS="-Wl,-O1 -Wl,--hash-style=gnu"
LINGUAS="en en_US en_GB de"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR_OVERLAY="/usr/local/portage /usr/local/src/gentoo/overlays/vapier/enlightenment"
USE="3dnow X a52 aac aalib acl acpi adns agg aio alsa amd64 apache2 asf aspell audiofile berkdb bitmap-fonts bzip2 cairo caps cdaudio cddb cdparanoia cdr cli console cracklib crypt css ctype cups curl cvs cxx dba dbus divx4linux dri dts dvb dvd dvdr dvdread emboss encode exif expat extensions fbcon ffmpeg firefox flac flash fluidsynth fortran ftp gcj gd gif glib glitz glut gmp gphoto2 gpm gtk gtk2 htmlhandbook iconv imap imlib ipv6 jbig joystick jpeg jpeg2k kde kpathsea lcms libcaca libedit libnotify lzo lzw mad maildir matroska mikmod mime mjpeg mmx mng modplug modules mp3 mp4 mpeg mplayer mtp mudflap multilib multislot musepack mysql ncurses network nls nptl nptlonly nsplugin nvidia objc objc-gc offensive ogg oggvorbis openal opengl openmp pango pcre pdf perl pic png ppds pppd python qt3support qt4 quicktime readline redland reflection rss samba sdl session smp sndfile snmp speex spell spl sql sqlite sse sse2 ssl startup-notification subtitles subversion svg sysfs syslog tcl tcltk tcpd tga theora threads tiff tk truetype truetype-fonts type1-fonts unicode upnp usb vcd video vnc vorbis wavpack webkit wma wmf x264 xanim xattr xcb xcomposite xine xinerama xinetd xml xml2 xorg xpm xrandr xulrunner xv xvid xvmc zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="canon" ELIBC="glibc" INPUT_DEVICES="mouse keyboard joystick void" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US en_GB de" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia nv ati r128 radeon radeonhd vga sisusb" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Comment 1 jeremy 2010-09-13 07:46:23 UTC
i solved this temporarily by adding CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=0" to the emerge command like so

CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=0" emerge openslp

And it compiled without showing that error. I dont know much about writing ebuilds or i would make a patch. I dont know where at in the ebuild i would add CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=0"
Comment 2 SpanKY gentoo-dev 2010-09-14 14:32:48 UTC
that probably doesnt do what you think it's doing.  probably better to do:
Comment 3 jeremy 2010-09-15 15:22:56 UTC

Thanks ill give that a try and see what happens. What exactly is the difference between




It was just a solution i found while googling for a fix to this bug. It never said what it did exactly and it was for a totally different package (zsnes) butr the error was the same so i thought i would give it a try.
Comment 4 Joseph Yasi 2010-09-18 21:28:37 UTC
Created attachment 247907 [details, diff]
memcpy should copy sizeof(struct in_addr) not sizeof(addr)

sizeof(addr) will return the size of a pointer, not the size of struct in_addr, the item being copied.
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2012-01-24 22:27:50 UTC
(In reply to comment #4)
> Created attachment 247907 [details, diff] [details, diff]
> memcpy should copy sizeof(struct in_addr) not sizeof(addr)
> sizeof(addr) will return the size of a pointer, not the size of struct in_addr,
> the item being copied.

Fixed in openslp-1.2.1-r2. Thank you!