You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer. Even though this is not always an indication of a security problem it might even be. So please check this out ASAP. By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0. Thanks, Your friendly neighborhood tinderboxer
Created attachment 271015 [details] Build log (compressed)
hmm seems to be still the case in 6.1.4

/bin/sh ../../libtool --tag=CC --mode=compile x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../libsrc/Dk -fno-strict-aliasing -O2 -Wall -DNDEBUG -DPOINTER_64 -I/var/tmp/portage/dev-db/virtuoso-server-6.1.4/work/virtuoso-opensource-6.1.4/libsrc/Xml.new -DOPENSSL_NO_KRB5 -Dlinux -D_GNU_SOURCE -DFILE64 -D_LARGEFILE64_SOURCE -I../../libsrc -I../../libsrc/Dk -I/usr/include/minizip -I. -I../../libsrc/langfunc -I../../libsrc/plugin -I../../libsrc/Tidy -I../../libsrc/Xml.new -I../../libsrc/odbcsdk/include -DVAD -DDBP -DBIF_XPER -DOPSYS=\"Linux\" -DHOST=\"x86_64-pc-linux-gnu\" -march=native -O2 -pipe -ggdb -c -o libwi_la-xmlschema.lo `test -f 'xmlschema.c' || echo './'`xmlschema.c
In file included from /usr/include/string.h:642:0,
                 from ../../libsrc/Dk/Dksystem.h:87,
                 from ../../libsrc/Dk.h:40,
                 from http_client.c:41:
In function 'strncat',
    inlined from 'http_cli_negotiate_socks4' at http_client.c:426:15:
/usr/include/bits/string3.h:152:3: warning: call to __builtin___strncat_chk might overflow destination buffer [enabled by default]
This issue still exists in upstream git. Also reported upstream: https://github.com/openlink/virtuoso-opensource/issues/4
Created attachment 311633 [details, diff] virtuoso-server-6.1.4-strncat-overflow.patch

I commented on the upstream bug, but basically the issue is that a strncat call in http_client.c did not account for the null terminator, so strings of sufficient length would go up to the maximum length of the string, then overflow when adding the null terminator. My attached patch just changes the maximum length of the appended string + original to be one less than the maximum length, leaving room for a null terminator. I have not fixed the other QA complaints here, just the "maybe overflow" one.
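The off-by-one described in the comment above, as an added example that is not part of the bug report and is not the code from http_client.c or the attached patch. CAP, GUARD, bound_buggy, bound_fixed and append_overruns are hypothetical names, the strings are constructed, and the logical buffer sits at the start of a larger array so the stray terminator can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CAP   8      /* logical size of the destination buffer (assumed) */
#define GUARD 0x7f   /* sentinel byte stored directly after that buffer   */

/* Hypothetical stand-ins for the length passed to strncat before and
 * after the fix: the first forgets the terminator, the second reserves it. */
static size_t bound_buggy(const char *dst) { return CAP - strlen(dst); }
static size_t bound_fixed(const char *dst) { return CAP - strlen(dst) - 1; }

/* Appends src to prefix inside a CAP-byte logical buffer and returns 1
 * if strncat touched the byte at index CAP, i.e. wrote out of bounds.
 * prefix must be shorter than CAP. */
static int append_overruns(const char *prefix, const char *src, int use_fixed)
{
    char arena[2 * CAP];   /* real storage is larger, so no actual overflow */
    size_t n;

    memset(arena, GUARD, sizeof arena);
    strcpy(arena, prefix);
    n = use_fixed ? bound_fixed(arena) : bound_buggy(arena);

    /* strncat copies at most n characters and then ALWAYS appends '\0',
     * so it can store up to n + 1 bytes after the current end of dst. */
    strncat(arena, src, n);
    return arena[CAP] != GUARD;
}

int main(void)
{
    printf("long input, old bound:  overrun=%d\n",
           append_overruns("abcd", "WXYZ!!", 0));
    printf("long input, new bound:  overrun=%d\n",
           append_overruns("abcd", "WXYZ!!", 1));
    printf("short input, old bound: overrun=%d\n",
           append_overruns("abcd", "W", 0));
    return 0;
}
```

With the old bound only inputs long enough to fill the buffer trigger the write past the end, which is why _FORTIFY_SOURCE reports it as "might overflow".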
+*virtuoso-server-6.1.4-r1 (13 May 2012) + + 13 May 2012; <creffett@gentoo.org> +virtuoso-server-6.1.4-r1.ebuild, + +files/virtuoso-server-6.1.4-strncat-overflow.patch: + Revision bump to 6.1.4-r1 to fix buffer overflow, bug 364683 If there are any further issues, please reopen.
A note: upstream made the change I suggested on the bug report, so the patch can be removed when 6.1.6 is released.
Created attachment 325288 [details] build.log
i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../libsrc/Dk -fomit-frame-pointer -fno-strict-aliasing -O2 -Wall -DNDEBUG -I/tmp/portage/dev-db/virtuoso-server-6.1.6/work/virtuoso-opensource-6.1.6/libsrc/Xml.new -DOPENSSL_NO_KRB5 -Dlinux -D_GNU_SOURCE -DFILE64 -D_LARGEFILE64_SOURCE -I../../libsrc -I../../libsrc/Dk -I../../libsrc/Wi -I../../libsrc/odbcsdk/include -I../../libsrc/langfunc -I../../libsrc/plugin -DUNIX -DUNICODE -D_UNICODE -O2 -march=pentium-m -c -o isqlw-isql.o `test -f 'isql.c' || echo './'`isql.c
isql.c: In function 'field_print_normal':
isql.c:4743:9: warning: unused variable 'temp' [-Wunused-variable]
isql.c: In function 'debug_command':
isql.c:5763:8: warning: assignment from incompatible pointer type [enabled by default]
isql.c: In function 'rep_loop':
isql.c:6408:23: warning: variable 'old_bracelevel' set but not used [-Wunused-but-set-variable]
isql.c: In function 'is_set_subcommand_aux':
isql.c:8502:11: warning: variable 'stat' set but not used [-Wunused-but-set-variable]
isql.c: In function 'isql_main':
isql.c:9823:8: warning: passing argument 1 of 'getservbyname' from incompatible pointer type [enabled by default]
/usr/include/netdb.h:291:24: note: expected 'const char *' but argument is of type 'wchar_t *'
isql.c:9823:8: warning: passing argument 2 of 'getservbyname' from incompatible pointer type [enabled by default]
/usr/include/netdb.h:291:24: note: expected 'const char *' but argument is of type 'int *'
isql.c: In function 'get_list_of_datasources':
isql.c:10102:7: warning: passing argument 2 of 'my_strncat' from incompatible pointer type [enabled by default]
isql.c:1044:1: note: expected 'const wchar_t *' but argument is of type 'char *'
In file included from /usr/include/wchar.h:881:0,
                 from ../../libsrc/util/utf8funs.h:34,
                 from ../../libsrc/libutil.h:41,
                 from isql.c:27:
In function 'wcsncpy',
    inlined from 'debug_command' at isql.c:5742:19:
/usr/include/bits/wchar2.h:201:2: warning: call to '__wcsncpy_chk_warn' declared with attribute warning: wcsncpy called with length bigger than size of destination buffer [enabled by default]
Opened a new bug upstream for the issue identified by Agostino: https://github.com/openlink/virtuoso-opensource/issues/21
Package removed from tree. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b8e1118cc57cbd0f1d08eba405f8a3e6e62a84a