From: David P G. <gr...@us...> - 2016-11-23 15:30:49
ok. makes sense. libc probably has been updated to be more defensive about possible buffer overflows. I'll apply the change to the head.

Google found me this: http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/libc---realpath-chk-1.html

The interface __realpath_chk() shall function in the same way as the interface realpath(), except that __realpath_chk() shall check for buffer overflow before computing a result. If an overflow is anticipated, the function shall abort and the program calling it shall exit.

The parameter resolved_len specifies the size of the string resolved_path. If resolved_len is less than PATH_MAX, then the function shall abort, and the program calling it shall exit.

The __realpath_chk() function is not in the source standard; it is only in the binary standard.

--dave

From: Jonas Posner <jon...@un...>
To: Mailing list for users of the X10 programming language <x10...@li...>
Date: 11/23/2016 10:19 AM
Subject: Re: [X10-users] Managed X10: BufferOverflow at X10Launcher

I changed the 512 to PATH_MAX in Launcher.h and it works!
Btw, my export of X10_HOSTFILE is only 30 characters long.

Thanks,
Jonas

On 23.11.2016 at 15:32, David P Grove wrote:
> Jonas Posner <jon...@un...> wrote on 11/23/2016 04:20:51 AM:
>>
>> ==19578== Process terminating with default action of signal 6 (SIGABRT)
>> ==19578==    at 0x508C428: raise (raise.c:54)
>> ==19578==    by 0x508E029: abort (abort.c:89)
>> ==19578==    by 0x50CE7E9: __libc_message (libc_fatal.c:175)
>> ==19578==    by 0x516F56B: __fortify_fail (fortify_fail.c:37)
>> ==19578==    by 0x516D56F: __chk_fail (chk_fail.c:28)
>> ==19578==    by 0x516DAF3: __realpath_chk (realpath_chk.c:29)
>> ==19578==    by 0x402601: realpath (stdlib.h:45)
>> ==19578==    by 0x402601: Launcher::initialize(int, char**) (Launcher_Init.cc:184)
>> ==19578==    by 0x40295D: Launcher::Setup(int, char**) (Launcher_Init.cc:62)
>> ==19578==    by 0x401D10: main (main.cc:56)
>>
>>
>> When I unset X10_HOSTFILE, "X10Launcher Hello" has no buffer overflow.
>>
>
> Thanks, that helps.
>
> In Launcher.h line 122 defines a fixed-size buffer that is passed into
> realpath:
>
>     char _hostfname[512]; /* host file name */
>
> My guess is that the expansion of symbolic links in the value you are
> using for X10_HOSTFILE causes it to exceed the buffer length. There are
> two possible fixes:
> (1) change the 512 to PATH_MAX in Launcher.h
> (2) change to dynamic allocation of the buffer for _hostfname by
> changing the declaration to be a char*, setting it to NULL in the init
> routine, passing NULL as the second argument to realpath and storing the
> returned non-NULL results in _hostfname.
>
> Would you mind trying to see if this fixes the problem?
>
> thanks,
>
> --dave
>
> _______________________________________________
> X10-users mailing list
> X10...@li...
> https://lists.sourceforge.net/lists/listinfo/x10-users
>

--
Jonas Posner
Universitaet Kassel
Fachbereich 16 Elektrotechnik/Informatik
Fachgebiet Programmiersprachen/-methodik
Wilhelmshoeher Allee 71-73
34121 Kassel, Germany
Phone: +49 (0)561 804-6498
Fax: +49 (0)561 804-6219
mailto: jon...@un...
www.uni-kassel.de
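
The two fixes discussed in this thread, sketched side by side as an added example; this is not code from the thread or from the X10 sources. The function names (`resolve_fixed`, `resolve_dynamic`, `demo`) and the temporary hostfile are constructed for illustration.

```c
#define _XOPEN_SOURCE 700   /* realpath, mkdtemp, symlink */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Fix (1): the caller's buffer must hold PATH_MAX bytes. With fortified
   glibc, a smaller one (the old 512) makes __realpath_chk abort. */
static int resolve_fixed(const char *path, char out[PATH_MAX]) {
    return realpath(path, out) != NULL ? 0 : -1;
}

/* Fix (2): pass NULL so realpath() allocates the result itself.
   The caller owns the returned string and must free() it. */
static char *resolve_dynamic(const char *path) {
    return realpath(path, NULL);
}

/* Constructed input: a temp dir holding hosts.txt and a symlink to it.
   Returns 0 when both fixes resolve the symlink to the real file. */
static int demo(void) {
    char dir[] = "/tmp/x10demoXXXXXX";
    char target[PATH_MAX], lnk[PATH_MAX], fixed[PATH_MAX], want[PATH_MAX];
    int rc = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/hosts.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/hosts.link", dir);
    FILE *f = fopen(target, "w");
    if (f != NULL) {
        fputs("localhost\n", f);
        fclose(f);
        if (symlink(target, lnk) == 0) {
            char *dyn = resolve_dynamic(lnk);
            if (dyn != NULL && resolve_fixed(lnk, fixed) == 0 &&
                resolve_fixed(target, want) == 0)
                rc = (strcmp(dyn, want) == 0 && strcmp(fixed, want) == 0) ? 0 : 1;
            free(dyn);
            unlink(lnk);
        }
        unlink(target);
    }
    rmdir(dir);
    return rc;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```

Because the fortify check compares the destination size against PATH_MAX and not against the length of the input, a 30-character X10_HOSTFILE is enough to trigger the abort with a 512-byte buffer.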