[bug #23029] autogsdoc buffer overflow in gnustep-base 1.14.2 and 1.14.3


From: Gareth Armstrong
Subject: [bug #23029] autogsdoc buffer overflow in gnustep-base 1.14.2 and 1.14.3 on Rhel 5
Date: Wed, 23 Apr 2008 14:01:32 +0000
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.13) Gecko/20080325 Fedora/2.0.0.13-1.fc8 Firefox/2.0.0.13

URL:
  <http://savannah.gnu.org/bugs/?23029>

                 Summary: autogsdoc buffer overflow in gnustep-base 1.14.2 and 1.14.3 on Rhel 5
                 Project: GNUstep
            Submitted by: garmstrong
            Submitted on: Wednesday 04/23/2008 at 14:01
                Category: Base/Foundation
                Severity: 3 - Normal
              Item Group: Bug
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

Hello Folks,

while trying to test a gnustep-base 1.14.2 rpm pkg that I put together (with
the autogsdoc binary from that pkg) on a Rhel5.1-Server-i386 platform with
SELinux enabled (this is a must for us), I identified the cases below.  Have
you seen similar problems? In all the cases below, the following were used:

gnustep-make 2.0.5
gnustep-base 1.14.2
ffcall 1.10

I have seen the same on Rhel5.1 and Fedora 8 x86_64 platforms also.  Updating
to gnustep-base 1.14.3 with libffi 3.0.5 still results in buffer overflow for
autogsdoc and some of the other gnustep-base binaries.

Best regards,

Gareth

1) SELinux Enabled, no tweaks.

address@hidden ~]# autogsdoc
trampoline: cannot make memory executable
Aborted (core dumped)

Replacing ffcall with libffi 3.0.5 (http://sourceware.org/libffi/) corrects
this problem and is probably the way to go to be clean.  gnustep-base compiles
cleanly with libffi but still results in case 2 below.  libffi is now actively
maintained which is not the case with ffcall.  However, even with libffi,
autogsdoc still has a buffer overflow.


2) SELinux Enabled but tweaked to "Allow unconfined executables to make their
heap memory executable..." (VERY bad idea).

address@hidden ~]# autogsdoc
*** buffer overflow detected ***: autogsdoc terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x4c8131]
/lib/libc.so.6[0x4c8878]
/usr/lib/libgnustep-base.so.1.14[0xb4d2cc]
/usr/lib/libgnustep-base.so.1.14[0xb525eb]
/usr/lib/libgnustep-base.so.1.14(GNUstepConfig+0x507)[0xb0ad87]
/usr/lib/libgnustep-base.so.1.14[0xb04474]
/usr/lib/libgnustep-base.so.1.14(GSDefaultsRootForUser+0x1c)[0xb0b08c]
/usr/lib/libgnustep-base.so.1.14[0xb79d95]
/usr/lib/libgnustep-base.so.1.14[0xb79d56]
/usr/lib/libgnustep-base.so.1.14[0xb7e8a2]
autogsdoc(gnustep_base_user_main+0x100)[0x8049240]
/usr/lib/libgnustep-base.so.1.14(main+0x4e)[0xb1de7e]
/lib/libc.so.6(__libc_start_main+0xdc)[0x3fbdec]
autogsdoc(main+0x35)[0x8049051]
======= Memory map: ========
00110000-00112000 r-xp 00000000 fd:06 1278196    /usr/lib/gconv/UTF-16.so
00112000-00114000 rwxp 00001000 fd:06 1278196    /usr/lib/gconv/UTF-16.so
00119000-0011b000 r-xp 00000000 fd:06 1278010    /usr/lib/gconv/EUC-KR.so
0011b000-0011d000 rwxp 00001000 fd:06 1278010    /usr/lib/gconv/EUC-KR.so
0011d000-00126000 r-xp 00000000 fd:00 491561     /lib/libnss_files-2.5.so
00126000-00127000 r-xp 00008000 fd:00 491561     /lib/libnss_files-2.5.so
00127000-00128000 rwxp 00009000 fd:00 491561     /lib/libnss_files-2.5.so
00132000-00146000 r-xp 00000000 fd:06 1277970    /usr/lib/gconv/BIG5.so
00146000-00148000 rwxp 00013000 fd:06 1277970    /usr/lib/gconv/BIG5.so
0015a000-00173000 r-xp 00000000 fd:00 493179     /lib/ld-2.5.so
00173000-00174000 r-xp 00019000 fd:00 493179     /lib/ld-2.5.so
00174000-00175000 rwxp 0001a000 fd:00 493179     /lib/ld-2.5.so
00199000-0019a000 r-xp 00199000 00:00 0          [vdso]
001e9000-001f4000 r-xp 00000000 fd:06 1278207    /usr/lib/gconv/libKSC.so
001f4000-001f6000 rwxp 0000a000 fd:06 1278207    /usr/lib/gconv/libKSC.so
002b9000-002bb000 r-xp 00000000 fd:00 493201     /lib/libdl-2.5.so
002bb000-002bc000 r-xp 00001000 fd:00 493201     /lib/libdl-2.5.so
002bc000-002bd000 rwxp 00002000 fd:00 493201     /lib/libdl-2.5.so
002bf000-002e4000 r-xp 00000000 fd:00 493199     /lib/libm-2.5.so
002e4000-002e5000 r-xp 00024000 fd:00 493199     /lib/libm-2.5.so
002e5000-002e6000 rwxp 00025000 fd:00 493199     /lib/libm-2.5.so
002e8000-002fb000 r-xp 00000000 fd:00 493197     /lib/libpthread-2.5.so
002fb000-002fc000 r-xp 00012000 fd:00 493197     /lib/libpthread-2.5.so
002fc000-002fd000 rwxp 00013000 fd:00 493197     /lib/libpthread-2.5.so
002fd000-002ff000 rwxp 002fd000 00:00 0
00301000-00313000 r-xp 00000000 fd:06 1214829    /usr/lib/libz.so.1.2.3
00313000-00314000 rwxp 00011000 fd:06 1214829    /usr/lib/libz.so.1.2.3
00316000-0034a000 r-xp 00000000 fd:06 1215118    /usr/lib/libxslt.so.1.1.17
0034a000-0034b000 rwxp 00033000 fd:06 1215118    /usr/lib/libxslt.so.1.1.17
0034d000-00364000 r-xp 00000000 fd:06 1215199    /usr/lib/libobjc.so.1.0.0
00364000-00366000 rwxp 00016000 fd:06 1215199    /usr/lib/libobjc.so.1.0.0
00366000-00367000 rwxp 00366000 00:00 0
00369000-0036a000 r-xp 00000000 fd:06 1215042    /usr/lib/libavcall.so.0.0.0
0036a000-0036b000 rwxp 00000000 fd:06 1215042    /usr/lib/libavcall.so.0.0.0
0036d000-0036e000 r-xp 00000000 fd:06 1215339    /usr/lib/libcallback.so.0.0.0
0036e000-0036f000 rwxp 00001000 fd:06 1215339    /usr/lib/libcallback.so.0.0.0
003b2000-003e5000 r-xp 00000000 fd:06 1214990    /usr/lib/sse2/libgmp.so.3.3.3
003e5000-003e6000 rwxp 00032000 fd:06 1214990    /usr/lib/sse2/libgmp.so.3.3.3
003e6000-00520000 r-xp 00000000 fd:00 493195     /lib/libc-2.5.so
00520000-00522000 r-xp 00139000 fd:00 493195     /lib/libc-2.5.so
00522000-00523000 rwxp 0013b000 fd:00 493195     /lib/libc-2.5.so
00523000-00526000 rwxp 00523000 00:00 0
0054d000-00558000 r-xp 00000000 fd:00 493202     /lib/libgcc_s-4.1.2-20070626.so.1
00558000-00559000 rwxp 0000a000 fd:00 493202     /lib/libgcc_s-4.1.2-20070626.so.1
00872000-0099e000 r-xp 00000000 fd:06 1215295    /usr/lib/libxml2.so.2.6.26
0099e000-009a3000 rwxp 0012b000 fd:06 1215295    /usr/lib/libxml2.so.2.6.26
009a3000-009a4000 rwxp 009a3000 00:00 0
009a6000-00ce1000 r-xp 00000000 fd:06 1215127    /usr/lib/libgnustep-base.so.1.14.2
00ce1000-00d5c000 rwxp 0033a000 fd:06 1215127    /usr/lib/libgnustep-base.so.1.14.2
00d5c000-00d5d000 rwxp 00d5c000 00:00 0
08048000-08083000 r-xp 00000000 fd:06 1279379    /usr/bin/autogsdoc
08083000-0808d000 rw-p 0003a000 fd:06 1279379    /usr/bin/autogsdoc
0966f000-09691000 rw-p 0966f000 00:00 0
09691000-09692000 rwxp 09691000 00:00 0
09692000-096d2000 rw-p 09692000 00:00 0
b7d10000-b7f10000 r--p 00000000 fd:06 1214806    /usr/lib/locale/locale-archive
b7f10000-b7f14000 rw-p b7f10000 00:00 0
b7f17000-b7f1e000 r--s 00000000 fd:06 1278211    /usr/lib/gconv/gconv-modules.cache
b7f1e000-b7f1f000 rw-p b7f1e000 00:00 0
bfce3000-bfcf7000 rwxp bfce3000 00:00 0          [stack]
bfcf7000-bfcf9000 rw-p bfcf7000 00:00 0
Aborted (core dumped)


3) SELinux completely disabled.

address@hidden ~]# autogsdoc
*** buffer overflow detected ***: autogsdoc terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x6a2131]
/lib/libc.so.6[0x6a2878]
/usr/lib/libgnustep-base.so.1.14[0x31c2cc]
/usr/lib/libgnustep-base.so.1.14[0x3215eb]
/usr/lib/libgnustep-base.so.1.14(GNUstepConfig+0x507)[0x2d9d87]
/usr/lib/libgnustep-base.so.1.14[0x2d3474]
/usr/lib/libgnustep-base.so.1.14(GSDefaultsRootForUser+0x1c)[0x2da08c]
/usr/lib/libgnustep-base.so.1.14[0x348d95]
/usr/lib/libgnustep-base.so.1.14[0x348d56]
/usr/lib/libgnustep-base.so.1.14[0x34d8a2]
autogsdoc(gnustep_base_user_main+0x100)[0x8049240]
/usr/lib/libgnustep-base.so.1.14(main+0x4e)[0x2ece7e]
/lib/libc.so.6(__libc_start_main+0xdc)[0x5d5dec]
autogsdoc(main+0x35)[0x8049051]
======= Memory map: ========
00110000-00123000 r-xp 00000000 fd:00 493197     /lib/libpthread-2.5.so
00123000-00124000 r-xp 00012000 fd:00 493197     /lib/libpthread-2.5.so
00124000-00125000 rwxp 00013000 fd:00 493197     /lib/libpthread-2.5.so
00125000-00127000 rwxp 00125000 00:00 0
00127000-0013e000 r-xp 00000000 fd:06 1215199    /usr/lib/libobjc.so.1.0.0
0013e000-00140000 rwxp 00016000 fd:06 1215199    /usr/lib/libobjc.so.1.0.0
00140000-00141000 rwxp 00140000 00:00 0
00141000-00153000 r-xp 00000000 fd:06 1214829    /usr/lib/libz.so.1.2.3
00153000-00154000 rwxp 00011000 fd:06 1214829    /usr/lib/libz.so.1.2.3
00154000-00155000 r-xp 00000000 fd:06 1215339    /usr/lib/libcallback.so.0.0.0
00155000-00156000 rwxp 00001000 fd:06 1215339    /usr/lib/libcallback.so.0.0.0
00156000-00157000 r-xp 00000000 fd:06 1215042    /usr/lib/libavcall.so.0.0.0
00157000-00158000 rwxp 00000000 fd:06 1215042    /usr/lib/libavcall.so.0.0.0
0015a000-00173000 r-xp 00000000 fd:00 493179     /lib/ld-2.5.so
00173000-00174000 r-xp 00019000 fd:00 493179     /lib/ld-2.5.so
00174000-00175000 rwxp 0001a000 fd:00 493179     /lib/ld-2.5.so
00175000-004b0000 r-xp 00000000 fd:06 1215127    /usr/lib/libgnustep-base.so.1.14.2
004b0000-0052b000 rwxp 0033a000 fd:06 1215127    /usr/lib/libgnustep-base.so.1.14.2
0052b000-0052c000 rwxp 0052b000 00:00 0
0052c000-0055f000 r-xp 00000000 fd:06 1214990    /usr/lib/sse2/libgmp.so.3.3.3
0055f000-00560000 rwxp 00032000 fd:06 1214990    /usr/lib/sse2/libgmp.so.3.3.3
00560000-00594000 r-xp 00000000 fd:06 1215118    /usr/lib/libxslt.so.1.1.17
00594000-00595000 rwxp 00033000 fd:06 1215118    /usr/lib/libxslt.so.1.1.17
00595000-005ba000 r-xp 00000000 fd:00 493199     /lib/libm-2.5.so
005ba000-005bb000 r-xp 00024000 fd:00 493199     /lib/libm-2.5.so
005bb000-005bc000 rwxp 00025000 fd:00 493199     /lib/libm-2.5.so
005bc000-005be000 r-xp 00000000 fd:00 493201     /lib/libdl-2.5.so
005be000-005bf000 r-xp 00001000 fd:00 493201     /lib/libdl-2.5.so
005bf000-005c0000 rwxp 00002000 fd:00 493201     /lib/libdl-2.5.so
005c0000-006fa000 r-xp 00000000 fd:00 493195     /lib/libc-2.5.so
006fa000-006fc000 r-xp 00139000 fd:00 493195     /lib/libc-2.5.so
006fc000-006fd000 rwxp 0013b000 fd:00 493195     /lib/libc-2.5.so
006fd000-00700000 rwxp 006fd000 00:00 0
00700000-0070b000 r-xp 00000000 fd:00 493202     /lib/libgcc_s-4.1.2-20070626.so.1
0070b000-0070c000 rwxp 0000a000 fd:00 493202     /lib/libgcc_s-4.1.2-20070626.so.1
0070c000-0070e000 r-xp 00000000 fd:06 1278196    /usr/lib/gconv/UTF-16.so
0070e000-00710000 rwxp 00001000 fd:06 1278196    /usr/lib/gconv/UTF-16.so
00710000-00712000 r-xp 00000000 fd:06 1278010    /usr/lib/gconv/EUC-KR.so
00712000-00714000 rwxp 00001000 fd:06 1278010    /usr/lib/gconv/EUC-KR.so
00714000-0071d000 r-xp 00000000 fd:00 491561     /lib/libnss_files-2.5.so
0071d000-0071e000 r-xp 00008000 fd:00 491561     /lib/libnss_files-2.5.so
0071e000-0071f000 rwxp 00009000 fd:00 491561     /lib/libnss_files-2.5.so
00723000-00737000 r-xp 00000000 fd:06 1277970    /usr/lib/gconv/BIG5.so
00737000-00739000 rwxp 00013000 fd:06 1277970    /usr/lib/gconv/BIG5.so
00739000-00744000 r-xp 00000000 fd:06 1278207    /usr/lib/gconv/libKSC.so
00744000-00746000 rwxp 0000a000 fd:06 1278207    /usr/lib/gconv/libKSC.so
00872000-0099e000 r-xp 00000000 fd:06 1215295    /usr/lib/libxml2.so.2.6.26
0099e000-009a3000 rwxp 0012b000 fd:06 1215295    /usr/lib/libxml2.so.2.6.26
009a3000-009a4000 rwxp 009a3000 00:00 0
00c09000-00c0a000 r-xp 00c09000 00:00 0          [vdso]
08048000-08083000 r-xp 00000000 fd:06 1279379    /usr/bin/autogsdoc
08083000-0808d000 rw-p 0003a000 fd:06 1279379    /usr/bin/autogsdoc
091f2000-09214000 rw-p 091f2000 00:00 0
09214000-09215000 rwxp 09214000 00:00 0
09215000-09255000 rw-p 09215000 00:00 0
b7d8d000-b7f8d000 r--p 00000000 fd:06 1214806    /usr/lib/locale/locale-archive
b7f8d000-b7f91000 rw-p b7f8d000 00:00 0
b7f94000-b7f9b000 r--s 00000000 fd:06 1278211    /usr/lib/gconv/gconv-modules.cache
b7f9b000-b7f9c000 rw-p b7f9b000 00:00 0
bf98e000-bf9a2000 rwxp bf98e000 00:00 0          [stack]
bf9a2000-bf9a3000 rw-p bf9a2000 00:00 0
Aborted (core dumped)




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?23029>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
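Added example for context on cases 2 and 3 above; this is editor-supplied code, not part of the bug report and not GNUstep's own source. The `__chk_fail` frame at the top of both backtraces is glibc's abort path for the `_FORTIFY_SOURCE` checked string/format functions, which fire when a write into a fixed-size buffer whose size the compiler knows would exceed it. The hypothetical `build_config_path`, `joined_path` and `path_fits` functions below (names and the 32-byte `PATH_MAX_DEMO` limit are assumptions chosen for the demonstration) show the explicit length check that a path-building routine such as the one under `GNUstepConfig` needs so that an oversized prefix is reported as an error instead of being caught only at runtime by the fortified call.

```c
/* Added example (not from the bug report or GNUstep): the bounds check that
 * keeps a config-path builder from tripping glibc's _FORTIFY_SOURCE abort
 * ("*** buffer overflow detected ***", reached via __chk_fail). */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define PATH_MAX_DEMO 32   /* assumption: deliberately small so the check is exercised */

/* Hypothetical config-path builder: writes root + "/" + name into dst.
 * Returns 0 on success, -1 if the result would not fit (dst is then left as
 * an empty string).  snprintf returns the length it *wanted* to write, so a
 * truncated result is detected rather than silently accepted. */
int build_config_path(char *dst, size_t dstsize, const char *root, const char *name)
{
    if (dst == NULL || dstsize == 0 || root == NULL || name == NULL)
        return -1;
    int n = snprintf(dst, dstsize, "%s/%s", root, name);
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Returns the joined path from a static buffer, or NULL if it does not fit.
 * (Static buffer: fine for a demonstration, not for multithreaded callers.) */
const char *joined_path(const char *root, const char *name)
{
    static char buf[PATH_MAX_DEMO];
    return build_config_path(buf, sizeof buf, root, name) == 0 ? buf : NULL;
}

/* 1 if root/name fits in a fixed-size stack buffer of the kind a fortified
 * strcpy/sprintf would guard, 0 otherwise. */
int path_fits(const char *root, const char *name)
{
    char buf[PATH_MAX_DEMO];
    return build_config_path(buf, sizeof buf, root, name) == 0;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *ok = joined_path("/usr/GNUstep", "GNUstep.conf");
    printf("ok: %s\n", ok ? ok : "(null)");

    /* An unchecked strcpy/sprintf of this value into a 32-byte buffer is
     * what _FORTIFY_SOURCE=2 turns into the runtime abort seen in the
     * backtraces; here it is refused up front instead. */
    if (joined_path("/a/very/long/installation/prefix", "GNUstep.conf") == NULL)
        printf("rejected: path does not fit in %d bytes\n", PATH_MAX_DEMO);
    return 0;
}
```

Building with `-O2 -D_FORTIFY_SOURCE=2` (the default on RHEL's compiler flags) is what makes the checked variants appear in a binary; the explicit return-code check above is the fix, the fortification is only the detector.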