Summary: | net-misc/connman _FORTIFY_SOURCE indicates presence of overflow | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | Current packages | Assignee: | Tony Vroon (RETIRED) <chainsaw> |
Status: | RESOLVED TEST-REQUEST | ||
Severity: | major | CC: | hardened |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 259417 | ||
Attachments: | Build log |
from his build log net-misc/connman-0.71 I ran cppcheck against the static sources of 0.71 and several memory leaks are fixed in git. Doubt this is related though. http://git.kernel.org/?p=network/connman/connman.git;a=log;h=refs/tags/0.72 I did not confirm Diego's report I trust his build log. I have installed connman 0.72 with david@random ~ $ less /etc/make.conf | grep CFLAGS CFLAGS="-march=native -O2 -ggdb -D_FORTIFY_SOURCE=2 -pipe" CXXFLAGS="${CFLAGS}" Further david@random ~ $ less /etc/make.conf | grep qa PORTAGE_ELOG_CLASSES="warn qa error info log" There was no report of the mentioned overflow for 0.72. This is not a hardened or 686 as his may/seems to be though but x86_64 Assuming I passed the flag properly net-misc/connman-0.72 was built with the following: USE="caps doc ethernet examples (multilib) policykit threads tools wifi -bluetooth -debug -google -ntpd -ofono -openvpn -vpnc -wimax" I do not see this on 0.72 with tuxmobl which is x86 and stable with -D_FORTIFY_SOURCE=1 added to CFLAGS Do note that gcc version and architecture do influence the constant propagation, and thus the warnings. (In reply to comment #3) > Do note that gcc version and architecture do influence the constant > propagation, and thus the warnings. Noted. However you do not have emerge --info and so I was unable to say exactly what your CFLAGS were though I did miss the x86 USE flag ;-) that was in the build log. I was just trying to get the same message with 0.72 so I could report it on the mailing list. Or install 0.71 get the same message you did with 0.72 showing it fixed report it fixed here in that version Diego, I am unable to reproduce this with 0.78; can you confirm it is fixed please? (In reply to comment #5) > Diego, I am unable to reproduce this with 0.78; can you confirm it is fixed > please? |
Created attachment 268747 [details] Build log You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer. Even though this is not always an indication of a security problem it might even be. So please check this out ASAP. By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0. Thanks, Your friendly neighborhood tinderboxer