Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 362327 - net-misc/connman _FORTIFY_SOURCE indicates presence of overflow
Summary: net-misc/connman _FORTIFY_SOURCE indicates presence of overflow
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Tony Vroon
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: fortify-source
  Show dependency tree
 
Reported: 2011-04-06 18:20 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2012-03-19 12:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Build log (connman-0.71:20110406-163707.log,12.45 KB, text/plain)
2011-04-06 18:20 UTC, Diego Elio Pettenò (RETIRED)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2011-04-06 18:20:48 UTC
Created attachment 268747 [details]
Build log

You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 David J Cozatt 2011-04-10 14:47:05 UTC
from his build log  net-misc/connman-0.71

I ran cppcheck against the static sources of 0.71 and several memory leaks are fixed in git. Doubt this is related though. 

http://git.kernel.org/?p=network/connman/connman.git;a=log;h=refs/tags/0.72
Comment 2 David J Cozatt 2011-04-17 21:25:57 UTC
I did not confirm Diego's report I trust his build log. I have installed connman 0.72 with 

david@random ~ $ less /etc/make.conf | grep CFLAGS
CFLAGS="-march=native -O2 -ggdb -D_FORTIFY_SOURCE=2 -pipe"
CXXFLAGS="${CFLAGS}"

Further
david@random ~ $ less /etc/make.conf | grep qa    
PORTAGE_ELOG_CLASSES="warn qa error info log"

There was no report of the mentioned overflow for 0.72. This is not a hardened or 686 as his may/seems to be though but x86_64 Assuming I passed the flag properly

net-misc/connman-0.72 was built with the following:
USE="caps doc ethernet examples (multilib) policykit threads tools wifi -bluetooth -debug -google -ntpd -ofono -openvpn -vpnc -wimax"

I do not see this on 0.72 with tuxmobl which is x86 and stable with -D_FORTIFY_SOURCE=1 added to CFLAGS
Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev 2011-04-17 23:17:11 UTC
Do note that gcc version and architecture do influence the constant propagation, and thus the warnings.
Comment 4 David J Cozatt 2011-04-20 21:36:34 UTC
(In reply to comment #3)
> Do note that gcc version and architecture do influence the constant
> propagation, and thus the warnings.

Noted. However you do not have emerge --info and so I was unable to say exactly what your CFLAGS were though  I did miss the x86 USE flag ;-) that was in the build log.

I was just trying to get the same message with 0.72 so I could report it on the mailing list. Or install 0.71 get the same message you did with 0.72 showing it fixed report it fixed here in that version
Comment 5 Tony Vroon gentoo-dev 2011-12-25 12:31:01 UTC
Diego, I am unable to reproduce this with 0.78; can you confirm it is fixed please?
Comment 6 Pacho Ramos gentoo-dev 2012-03-19 12:21:40 UTC
(In reply to comment #5)
> Diego, I am unable to reproduce this with 0.78; can you confirm it is fixed
> please?