nvram-wakeup buffer overflow detected

servus albert,

I need some help with your workaround:

"temporary workaround: compile with -D_FORTIFY_SOURCE=0 -fno-stack-protector"

I don´t know how to apply that! I guess I have to add this line somewhere in the Makefile, but I dont know how!
Im new in the Ubuntu universe, so I would be very happy about some assistance of yours.

thx!

hi, add it to CFLAGS variable in Makefile:

CFLAGS = -O2 -Wall -Wstrict-prototypes -g -pedantic
$(DEFS) -D_FORTIFY_SOURCE=0 -fno-stack-protector

jn

On Thursday 14 of May 2009 17:35:35 raulelmagico wrote:
> servus albert,
>
> I need some help with your workaround:
>
> "temporary workaround: compile with -D_FORTIFY_SOURCE=0 -fno-stack-
> protector"
>
> I don´t know how to apply that! I guess I have to add this line somewhere
> in the Makefile, but I dont know how! Im new in the Ubuntu universe, so I
> would be very happy about some assistance of yours.
>
> thx!

Since there are already 2 reports and I am the third I am marking this one as confirmed.

-fno-stack-protector will not change this behavior. The abort reported is from FORTIFY. The better solution would to be to find the sprintf that is failing and fix that bug. :) Some details:
https://wiki.ubuntu.com/CompilerFlags

you are right, but after disabling fortify, you get "stack smashing detected"
error , so it's necessary to disable stack protector too to get working
binary.

and ofcourse it's not a fix, it's just temporary workaround...

*** stack smashing detected ***: ./nvram-wakeup terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb8047da8]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb8047d60]
./nvram-wakeup[0x8052d0e]
./nvram-wakeup[0x8049927]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7f60775]
./nvram-wakeup[0x8048cd1]
======= Memory map: ========

Here's the patch to fix the overflow. I've attached it to the upstream bug report too:
https://sourceforge.net/tracker/?func=detail&aid=2782757&group_id=35022&atid=412755

This bug was fixed in the package nvram-wakeup - 0.99b-1ubuntu1

---------------
nvram-wakeup (0.99b-1ubuntu1) karmic; urgency=low

  * tools.c: fix buffer overflow in xxd (LP: #370261, debian bug 529074).

 -- Kees Cook <email address hidden> Sun, 17 May 2009 08:47:35 -0700

(While intrepid's version technically works, if it were recompiled for another SRU, it would fail. For now, in the interests of minimal changes and no regressions, intrepid can be skipped.)

A fixed package for Jaunty has been uploaded to -proposed. Once it is accepted, it will need to be tested before it is published to the -updates pocket. Thanks again for the bug report!

Accepted nvram-wakeup into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I had the same buffer overflow problem in Jaunty but the package in jaunty-proposed has fixed it for me. Many thanks.

This bug was fixed in the package nvram-wakeup - 0.97-14lenny1ubuntu0.1

---------------
nvram-wakeup (0.97-14lenny1ubuntu0.1) jaunty-proposed; urgency=low

  * debian/patches/20_fix-xxd-overflow.dpatch: fix buffer overflow in xxd
    (LP: #370261, debian bug 529074).

 -- Kees Cook <email address hidden> Sun, 17 May 2009 09:15:31 -0700