icmake disables FORTIFY

Bug #301624 reported by Kees Cook
Affects: icmake (Ubuntu)
Importance: Medium
Assigned to: Luca Falavigna

Bug Description

Binary package hint: icmake

The fix for bug #301562 disabled FORTIFY instead of fixing the underlying problems. This is a place-holder bug to make sure icmake gets fixed. :)

Revision history for this message
Kees Cook (kees) wrote :

Running icmake in gdb should help identify the abort locations.

Changed in icmake:
assignee: nobody → dktrkranz
importance: Undecided → Medium
milestone: none → jaunty-alpha-4
status: New → Confirmed
Revision history for this message
Luca Falavigna (dktrkranz) wrote :

Offending code is in comp/backend.c, strcpy function:

    outbin(&opexit, sizeof(INT8)); /* generate op_ret at the end */
    strcpy(hdr.version, &version); /* set the version */
    hdr.offset[0] = ftell(s_bin); /* here the strings start */

Changed in icmake:
status: Confirmed → Triaged
Revision history for this message
Kees Cook (kees) wrote : Re: [Bug 301624] Re: icmake disables FORTIFY

hdr.version is defined as: char version[4]. "version" is extern, so the
length is unknown at compile time. At runtime, however, the problem
happens, as "version" is ultimately defined as "7.11.1" via rss/version.c
and /VERSION. This is a real overflow. I recommend the following patch
for the moment until upstream has a better suggestion:

strncpy(hdr.version, version, sizeof(hdr.version));

this will leave the hdr.version unterminated, but based on other code that
tries to read it, this field appears to be evaluated not as a string, so
it's likely to be okay. If not, use:

strncpy(hdr.version, version, sizeof(hdr.version));
hdr.version[sizeof(hdr.version)-1]='\0';

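The following is an added C example, not code from the icmake package or from either comment above. It models the situation the thread describes: a 4-byte version field in a header struct directly followed by the offset array, a version string that only exists at runtime, and the three ways of filling the field (the original strcpy, the shipped strncpy fix, and the NUL-terminated variant). The struct layout, the name icm_hdr, the constructed "7.11.1" stand-in for the extern version, and the helper function names are assumptions made for the example. Rather than performing the overflowing strcpy (which under -D_FORTIFY_SOURCE=2 aborts via __strcpy_chk, and without it silently corrupts whatever follows the field), the example computes how many bytes strcpy would write past the end, which is the same length comparison FORTIFY makes at runtime when the destination size is known but the source length is not.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, modelled on the snippet in the thread: version[4]
 * sits right before offset[], so bytes that overflow version land in
 * offset[0]. Not the real icmake header definition. */
struct icm_hdr {
    char version[4];
    long offset[2];
};

/* Constructed stand-in for the extern "version" that icmake gets from
 * rss/version.c; its length is only known at runtime. */
const char *const version = "7.11.1";

/* Bytes strcpy(dst, src) would write past a destination of dstlen bytes
 * (including the terminating NUL); 0 means the copy fits. This is the
 * comparison __strcpy_chk performs when FORTIFY knows sizeof(dst). */
size_t strcpy_overflow(const char *src, size_t dstlen)
{
    size_t need = strlen(src) + 1;
    return need > dstlen ? need - dstlen : 0;
}

/* The shipped fix: strncpy bounded by the field size. Nothing past the
 * field is touched, but the field is left unterminated when the source
 * is at least sizeof(h->version) bytes long. Returns 1 in that case. */
int set_version_unterminated(struct icm_hdr *h, const char *src)
{
    strncpy(h->version, src, sizeof h->version);
    return memchr(h->version, '\0', sizeof h->version) == NULL;
}

/* The alternative suggested in the thread: strncpy plus an explicit
 * terminator, so the field can safely be read back as a C string. */
void set_version_terminated(struct icm_hdr *h, const char *src)
{
    strncpy(h->version, src, sizeof h->version);
    h->version[sizeof h->version - 1] = '\0';
}

int main(void)
{
    struct icm_hdr h;
    memset(&h, 0, sizeof h);
    h.offset[0] = 0x1234;

    printf("strcpy of \"%s\" into %zu bytes overflows by %zu byte(s)\n",
           version, sizeof h.version, strcpy_overflow(version, sizeof h.version));

    int unterminated = set_version_unterminated(&h, version);
    printf("strncpy: field bytes \"%.4s\", unterminated=%d, offset[0]=%#lx\n",
           h.version, unterminated, h.offset[0]);

    set_version_terminated(&h, version);
    printf("strncpy+NUL: field reads as \"%s\"\n", h.version);
    return 0;
}
```

Compiling the original strcpy form with -O2 -D_FORTIFY_SOURCE=2 is what produced the runtime abort that bootstrap.sh worked around with -U_FORTIFY_SOURCE; the strncpy forms compile and run cleanly under FORTIFY because the bound is derived from sizeof the destination. Which of the two strncpy forms is right depends on whether anything reads hdr.version back as a NUL-terminated string, as the comment above notes.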
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icmake - 7.11.1-1ubuntu2

---------------
icmake (7.11.1-1ubuntu2) jaunty; urgency=low

  * comp/backend.c: use strncpy instead of strcpy to fix a runtime
    buffer overflow while assigning version number to icmake header.
    It is no longer necessary to compile with -U_FORTIFY_SOURCE in
    bootstrap.sh, thanks to Kees Cook (LP: #301624).

 -- Luca Falavigna <email address hidden> Mon, 24 Nov 2008 23:52:26 +0100

Changed in icmake:
status: Triaged → Fix Released
This report contains Public Security information.
Everyone can see this security related information.