Bug 364683 - dev-db/virtuoso-server _FORTIFY_SOURCE indicates presence of overflow
Summary: dev-db/virtuoso-server _FORTIFY_SOURCE indicates presence of overflow
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High major
Assignee: Maciej Mrozowski
URL: https://github.com/openlink/virtuoso-...
Whiteboard: Removed on 2015/09/17
Keywords:
Depends on:
Blocks: fortify-source
Reported: 2011-04-24 14:56 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2015-09-17 10:30 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Build log (compressed) (virtuoso-server-6.1.3:20110423-205226.log.xz,86.86 KB, application/x-xz)
2011-04-24 14:57 UTC, Diego Elio Pettenò (RETIRED)
virtuoso-server-6.1.4-strncat-overflow.patch (virtuoso-server-6.1.4-strncat-overflow.patch,421 bytes, patch)
2012-05-13 15:18 UTC, Chris Reffett (RETIRED)
build.log (virtuoso-server-6.1.6:20120916-155535.log,652.97 KB, text/plain)
2012-09-29 10:19 UTC, Agostino Sarubbo

Description Diego Elio Pettenò (RETIRED) gentoo-dev 2011-04-24 14:56:49 UTC
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2011-04-24 14:57:31 UTC
Created attachment 271015 [details]
Build log (compressed)
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2011-12-10 18:06:26 UTC
hmm seems to be still the case in 6.1.4

/bin/sh ../../libtool  --tag=CC   --mode=compile x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../libsrc/Dk    -fno-strict-aliasing -O2  -Wall  -DNDEBUG -DPOINTER_64   -I/var/tmp/portage/dev-db/virtuoso-server-6.1.4/work/virtuoso-opensource-6.1.4/libsrc/Xml.new  -DOPENSSL_NO_KRB5 -Dlinux -D_GNU_SOURCE -DFILE64 -D_LARGEFILE64_SOURCE   -I../../libsrc -I../../libsrc/Dk -I/usr/include/minizip   -I. -I../../libsrc/langfunc -I../../libsrc/plugin -I../../libsrc/Tidy -I../../libsrc/Xml.new -I../../libsrc/odbcsdk/include -DVAD -DDBP -DBIF_XPER -DOPSYS=\"Linux\" -DHOST=\"x86_64-pc-linux-gnu\" -march=native -O2 -pipe -ggdb -c -o libwi_la-xmlschema.lo `test -f 'xmlschema.c' || echo './'`xmlschema.c
In file included from /usr/include/string.h:642:0,
                 from ../../libsrc/Dk/Dksystem.h:87,
                 from ../../libsrc/Dk.h:40,
                 from http_client.c:41:
In function 'strncat',
    inlined from 'http_cli_negotiate_socks4' at http_client.c:426:15:
/usr/include/bits/string3.h:152:3: warning: call to __builtin___strncat_chk might overflow destination buffer [enabled by default]
Comment 3 Michael Palimaka (kensington) gentoo-dev 2012-04-09 19:58:48 UTC
This issue still exists in upstream git. Also reported upstream: https://github.com/openlink/virtuoso-opensource/issues/4
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2012-05-13 15:18:10 UTC
Created attachment 311633 [details, diff]
virtuoso-server-6.1.4-strncat-overflow.patch

I commented on the upstream bug, but basically the issue is that a strncat call in http_client.c did not account for the null terminator, so strings of sufficient length would go up to the maximum length of the string, then overflow when adding the null-terminator. My attached patch just changes the maximum length of the appended string + original to be one less than the maximum length, leaving room for a null terminator. I have not fixed the other QA complaints here, just the "maybe overflow" one.
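The off-by-one described in the comment above, as an added example that is not Virtuoso's code and not the attached patch: it computes how many bytes `strncat` stores under the old and the corrected bound, then appends with the corrected one. The function names, the 8-byte buffer and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bytes strncat(dst, src, n) stores in dst in total: the text already
 * there, up to n bytes of src, and the terminator it always appends. */
size_t strncat_footprint(size_t dst_len, size_t src_len, size_t n)
{
    return dst_len + (src_len < n ? src_len : n) + 1;
}

/* Off-by-one bound: passes all remaining space as n. */
size_t bound_without_nul(size_t cap, size_t dst_len) { return cap - dst_len; }

/* Corrected bound: one byte held back for the terminator. */
size_t bound_with_nul(size_t cap, size_t dst_len) { return cap - dst_len - 1; }

/* Append src to the string in dst (capacity cap). Returns 0 if all of src
 * fit, 1 if it was truncated, -1 if dst holds no terminator within cap. */
int bounded_append(char *dst, size_t cap, const char *src)
{
    size_t dst_len = 0;
    while (dst_len < cap && dst[dst_len] != '\0')
        dst_len++;
    if (dst_len == cap)
        return -1;                        /* unterminated: refuse to append */
    size_t room = bound_with_nul(cap, dst_len);
    strncat(dst, src, room);
    return strlen(src) > room ? 1 : 0;
}

int main(void)
{
    char buf[8] = "user";                 /* constructed sample input */
    const char *src = "name-too-long";
    size_t len = strlen(buf);
    printf("capacity: %zu bytes\n", sizeof buf);
    printf("old bound stores %zu bytes\n",
           strncat_footprint(len, strlen(src), bound_without_nul(sizeof buf, len)));
    printf("new bound stores %zu bytes\n",
           strncat_footprint(len, strlen(src), bound_with_nul(sizeof buf, len)));
    int rc = bounded_append(buf, sizeof buf, src);
    printf("append returned %d, buffer is \"%s\"\n", rc, buf);
    return 0;
}
```

The third argument of `strncat` limits the bytes taken from the source, not the size of the destination, which is why the terminator has to be subtracted by the caller.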
Comment 5 Chris Reffett (RETIRED) gentoo-dev Security 2012-05-13 18:41:48 UTC
+*virtuoso-server-6.1.4-r1 (13 May 2012)
+
+  13 May 2012; <creffett@gentoo.org> +virtuoso-server-6.1.4-r1.ebuild,
+  +files/virtuoso-server-6.1.4-strncat-overflow.patch:
+  Revision bump to 6.1.4-r1 to fix buffer overflow, bug 364683
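
Review bot: The ChangeLog text "to fix buffer overflow, bug 364683" does not say which overflow is meant. The added file is named virtuoso-server-6.1.4-strncat-overflow.patch, so wording such as "fix strncat overflow" would make it clear from the entry alone that only that one warning is addressed by this revision bump.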

If there are any further issues, please reopen.
Comment 6 Chris Reffett (RETIRED) gentoo-dev Security 2012-07-23 15:06:29 UTC
A note: upstream made the change I suggested on the bug report, so the patch can be removed when 6.1.6 is released.
Comment 7 Agostino Sarubbo gentoo-dev 2012-09-29 10:19:27 UTC
Created attachment 325288 [details]
build.log
Comment 8 Agostino Sarubbo gentoo-dev 2012-09-29 10:20:01 UTC
i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../../libsrc/Dk    -fomit-frame-pointer -fno-strict-aliasing -O2  -Wall  -DNDEBUG   -I/tmp/portage/dev-db/virtuoso-server-6.1.6/work/virtuoso-opensource-6.1.6/libsrc/Xml.new  -DOPENSSL_NO_KRB5 -Dlinux -D_GNU_SOURCE -DFILE64 -D_LARGEFILE64_SOURCE   -I../../libsrc -I../../libsrc/Dk -I../../libsrc/Wi -I../../libsrc/odbcsdk/include -I../../libsrc/langfunc -I../../libsrc/plugin -DUNIX -DUNICODE -D_UNICODE  -O2 -march=pentium-m -c -o isqlw-isql.o `test -f 'isql.c' || echo './'`isql.c
isql.c: In function 'field_print_normal':
isql.c:4743:9: warning: unused variable 'temp' [-Wunused-variable]
isql.c: In function 'debug_command':
isql.c:5763:8: warning: assignment from incompatible pointer type [enabled by default]
isql.c: In function 'rep_loop':
isql.c:6408:23: warning: variable 'old_bracelevel' set but not used [-Wunused-but-set-variable]
isql.c: In function 'is_set_subcommand_aux':
isql.c:8502:11: warning: variable 'stat' set but not used [-Wunused-but-set-variable]
isql.c: In function 'isql_main':
isql.c:9823:8: warning: passing argument 1 of 'getservbyname' from incompatible pointer type [enabled by default]
/usr/include/netdb.h:291:24: note: expected 'const char *' but argument is of type 'wchar_t *'
isql.c:9823:8: warning: passing argument 2 of 'getservbyname' from incompatible pointer type [enabled by default]
/usr/include/netdb.h:291:24: note: expected 'const char *' but argument is of type 'int *'
isql.c: In function 'get_list_of_datasources':
isql.c:10102:7: warning: passing argument 2 of 'my_strncat' from incompatible pointer type [enabled by default]
isql.c:1044:1: note: expected 'const wchar_t *' but argument is of type 'char *'
In file included from /usr/include/wchar.h:881:0,
                 from ../../libsrc/util/utf8funs.h:34,
                 from ../../libsrc/libutil.h:41,
                 from isql.c:27:
In function 'wcsncpy',
    inlined from 'debug_command' at isql.c:5742:19:
/usr/include/bits/wchar2.h:201:2: warning: call to '__wcsncpy_chk_warn' declared with attribute warning: wcsncpy called with length bigger than size of destination buffer [enabled by default]
Comment 9 Michael Palimaka (kensington) gentoo-dev 2012-10-17 13:59:26 UTC
Opened a new bug upstream for the issue identified by Agostino:
https://github.com/openlink/virtuoso-opensource/issues/21
Comment 10 Johannes Huber (RETIRED) gentoo-dev 2015-09-17 10:30:38 UTC
Package removed from tree.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b8e1118cc57cbd0f1d08eba405f8a3e6e62a84a