[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6474) test004 (hdb) crashes when slapd is compiled with -D_FORTIFY_SOURCE=2

To: openldap-its@openldap.org
Subject: (ITS#6474) test004 (hdb) crashes when slapd is compiled with -D_FORTIFY_SOURCE=2
From: ralf@OpenLDAP.org
Date: Mon, 15 Feb 2010 13:35:15 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Ralf Haferkamp
Version: HEAD, RE24
OS: linux (gcc 4.5)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (89.166.207.32)
Submitted by: ralf


gcc 4.5 will do some stricter checks for buffer overflows when compiling with 
-D_FORTIFY_SOURCE=2. Current HEAD aborts in test004-modify with:

*** buffer overflow detected ***:
/usr/src/packages/BUILD/openldap-2.4.21/servers/slapd/.libs/slapd terminated
======= Backtrace: =========                                                    
                             
#0  0x00007f207dc6b9c5 in raise () from /lib64/libc.so.6
#1  0x00007f207dc6ced6 in abort () from /lib64/libc.so.6
#2  0x00007f207dca6ba9 in __libc_message () from /lib64/libc.so.6
#3  0x00007f207dd20537 in __fortify_fail () from /lib64/libc.so.6
#4  0x00007f207dd1e2e0 in __chk_fail () from /lib64/libc.so.6
#5  0x00007f207fa89769 in strcpy () at dn2id.c:679

There is no real buffer overflow here AFAICS but the real problem is, that the
destination of the strcpy() is defined as char[1] in this case (it's the nrdn
member of a struct diskNode). The additional runtime check when compiling with 
-D_FORTIFY_SOURCE=2 sees that the destination data will not fit in there and
aborts.
The easiest fix here (apart from not building with -D_FORTIFY_SOURCE=2) is to
use memcpy instead of strcpy here. I'll submit that later today.

Prev by Date: Re: (ITS#6322) slapd suddenly stops working, and starts using 100% CPU
Next by Date: (ITS#6475) SASL OTP and syncrepl
Index(es):
- Chronological
- Thread