[OpenAFS] Buffer overflow on Mac OS X 10.9.2 Mavericks

Frederick Luehring luehring@indiana.edu
Mon, 21 Apr 2014 11:12:22 -0400


Hi Everyone,

    Since there has been certain amount of excitement about the consequences
of buffer overflows in recent days, I would like to point a possible problem I
discovered when following the instructions to compile open afs on Mac OS X. I
guess you know of this but just in case, if follow the instructions at:

http://www.openafs.org/macos.html

it sets the enable-checking flag which almost immediately finds:

gcc  -Os -I/Users/luehring/openafs-1.6.6/src/config
-I/Users/luehring/openafs-1.6.6/include -I. -I.   -Os -Wall
-Wstrict-prototypes -Wold-style-definition -Wpointer-arith -Wall
-Wstrict-prototypes -Wold-style-definition -Werror -fdiagnostics-show-option
-Wpointer-arith -arch i386 -arch x86_64  -c cmd.c
cmd.c:46:30: error: the value of the size argument in 'strncat' is too large,
might lead to a buffer overflow [-Werror,-Wstrncat-size]
        strncat(tbuffer, a2, sizeof(tbuffer));
                             ^~~~~~~~~~~~~~~
cmd.c:46:30: note: change the argument to be the free space in the destination
buffer minus the terminating null byte
        strncat(tbuffer, a2, sizeof(tbuffer));
                             ^~~~~~~~~~~~~~~
                             sizeof(tbuffer) - strlen(tbuffer) - 1
1 error generated.
make[3]: *** [cmd.o] Error 1
make[2]: *** [cmd] Error 2
make[1]: *** [build] Error 2
make: *** [all] Error 2

Those instructions also set "--with-krb5-conf=/usr/bin/krb5-config" which
seems to be unrecognized. I guess this is because kerberos version 4 is
completely dead and the flag is no longer needed.

Fred
-- 
Fred Luehring Indiana U. HEP mailto:luehring@indiana.edu  +1 812 855 1025 IU
http://cern.ch/Fred.Luehring mailto:Fred.Luehring@cern.ch +41 22 767 1166 CERN
http://cern.ch/Fred.Luehring/Luehring_pub.asc             +1 812 391 0225 GSM