Created attachment 317518 [details]
emerge --info for emily (AMD64 system, 10.0 profile, GCC 4.7.1, glibc 2.16.0)

After upgrading my sys-libs/glibc to 2.16.0 and my GCC to 4.7.1 (it's set as default compiler, not just merged), netkit-tftp will abort on suspected buffer overflow when attempting to put a file of any size to a host that is either present on the network or not there. From what I can tell, it aborts before even connecting (or at least sending data) to the remote machine. Here is the log:

robink@emily ~ $ tftp 192.168.1.20
tftp> mode binary
tftp> put u-boot.bin
*** buffer overflow detected ***: tftp terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fdc1a61e037]
/lib64/libc.so.6(+0xfb030)[0x7fdc1a61c030]
tftp(sendfile+0xaf)[0x401aaf]
tftp[0x40285a]
tftp[0x40153f]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fdc1a545985]
tftp[0x40158d]
Aborted

The file doesn't matter, and the mode doesn't matter (can be ascii or binary, used binary mode because that's what I mostly use with tftp). I can post gdb or strace output if desired, I just don't know what I'd be looking for so if you could give me a suggestion as to what to try to trigger or grep for, it would be much appreciated.

Emerge info in next comment, as an attachment, and online at http://rms3.creosotehill.org/mirror/emerge_info_emily_2012070701.txt . If there is any more information I can provide, please let me know and I will gladly add it to this bug.
emerge --info won't fit in a comment, here's the top part:

Portage 2.2.0_alpha84 (default/linux/amd64/10.0, gcc-4.7.1, unavailable, 3.4.0-g4c992ac x86_64)
=================================================================
System uname: Linux-3.4.0-g4c992ac-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_5600+-with-gentoo-2.0.3
Timestamp of tree: Sat, 07 Jul 2012 08:15:01 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash: 4.1_p9
dev-java/java-config: 2.1.11-r3::progress
dev-lang/python: 2.4.6, 2.5.4-r4, 2.6.7-r2, 2.7.2-r3, 3.1.4-r3, 3.2.2, 3.3_pre20110410::python
dev-util/ccache: 2.4-r7
dev-util/cmake: 2.8.6-r4
dev-util/pkgconfig: 0.26
sys-apps/baselayout: 2.0.3
sys-apps/openrc: 0.9.9.3
sys-apps/sandbox: 2.5
sys-devel/autoconf: 2.13, 2.68
sys-devel/automake: 1.5, 1.7.9-r1, 1.9.6-r3, 1.10.3, 1.11.4
sys-devel/binutils: 2.22-r1
sys-devel/gcc: 4.3.6-r1, 4.4.6-r1, 4.5.3-r2, 4.6.3, 4.7.1
sys-devel/gcc-config: 1.6
sys-devel/libtool: 1.3.5, 2.4-r1
sys-devel/make: 3.82-r1
sys-libs/glibc: 2.16.0
(In reply to comment #1)
> emerge --info won't fit in a comment, here's the top part:

Attach as a file, then.
I can reproduce, but there is no warning about it either, fun!
I'm having trouble getting to the full backtrace on my tinderbox, if you can get a full backtrace according to http://www.gentoo.org/proj/en/qa/backtraces.xml it would be helpful.
Okay I was able to reproduce it multiple times, with GCC 4.6 and glibc-2.15 as well, so it's definitely not tied to those two systems.
Fixed with a patch... but I think I'll last rite this anyway... any reason you're not using tftp-hpa?
tftp-hpa doesn't talk to my RouterStation Pro's bootloader (I'm not talking U-Boot, I'm talking the bootloader that lets you load the actual bootloader to be used, along with a kernel and initrd/rootfs). It is irreplaceable (you are not allowed to overwrite it, with good reason, it is the only way to recover a bricked OS deployment, and if you brick *it*, well...) and were it rewritable the image is not publicly available (someone would have to write one, or sneak it out of Ubiquiti's software development storage pool). *So*, netkit-tftp (when it works) is my preferred tftp client for talking to devices, because it seems to understand all the quirks of closed-source and free software TFTP servers alike, and never fails to (eventually) get a file pushed. I can try tftp-hpa again, but it never seemed able to push a file to the Ubiquiti BIOS' bootloader, which is what I'm trying to do *right now*.
Created attachment 317592 [details]
=net-ftp/netkit-tftp-0.17-r7 backtrace (with debugging symbols)

Also, I know you fixed this, but here's my backtrace attached as a file. Lastly, I just checked sources.gentoo.org (gentoo-x86/net-ftp/netkit-tftp/), and the mtime for netkit-tftp-0.17-r7.ebuild is still 15 months ago. Would you be willing to attach your patch or push it to either the tree or an overlay I could pull it from? Thank you very much, and I'm sorry for all the trouble :-)
Oops, failed to hit reload. Sorry, I see it and will pull/install it. If you don't hear from me it works and this bug can remain closed.
that patch is incorrect. simple fix: rm include/arpa/tftp.h
should be all set now in the tree; thanks for the report!

Commit message: Fix fortify errors for real
http://sources.gentoo.org/net-ftp/netkit-tftp/netkit-tftp-0.17-r8.ebuild?r1=1.1&r2=1.2