Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 332255 - net-analyzer/iptraf overflows buffers
Summary: net-analyzer/iptraf overflows buffers
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Netmon project
Depends on:
Blocks: fortify-source 305781
  Show dependency tree
Reported: 2010-08-11 14:04 UTC by Matt
Modified: 2010-11-28 09:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Matt 2010-08-11 14:04:29 UTC
version is 3.0.0-r5

                      │ IP traffic monitor              *** buffer overflow detected ***: iptraf - terminatedal interface statistics    │
                      │ Detaiiptraf: buffer overflow attack in function <unknown> - terminated        │ Statistical breakdowns...       │
              Report to         │

when compiling it with -U_FORTIFY_SOURCE (disabling it) it works fine

it crashes as soon as:

"IP traffic monitor" is selected via [ENTER]

it also seems to work fine with -D_FORTIFY_SOURCE=1 (less checking?)

so the preferred method would be to 

*) either replace -D_FORTIFY_SOURCE=2 with -D_FORTIFY_SOURCE=1

*) explicitely set -D_FORTIFY_SOURCE=1

this in addition to the default toolchain adds some checks with minimal runtime

the best would be to fix it upstream:
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2010-08-11 15:45:35 UTC
Try net-analyzer/iptraf-ng (see bug #305781
Comment 2 Justin Lecher (RETIRED) gentoo-dev 2010-11-28 09:28:55 UTC
+*iptraf-3.0.0-r6 (28 Nov 2010)
+  28 Nov 2010; Justin Lecher <>
+  +files/3.0.0-buffer-overflow.patch, +iptraf-3.0.0-r6.ebuild:
+  Fixes for overflows buffers taken from debian