[OpenAFS] Buffer overflow on Mac OS X 10.9.2 Mavericks
Frederick Luehring
luehring@indiana.edu
Mon, 21 Apr 2014 12:43:35 -0400
Thanks!
On 4/21/14, 12:29 PM, D Brashear wrote:
> data off the wire never makes it there, so there should be no privilege
> escalation. you may be able to crash something you ran yourself.
>
> we'll check it out, though. still not good, just not likely to have security
> implications.
>
> and the krb5 options changes in configure. that page needs a refresh
>
>
> On Mon, Apr 21, 2014 at 11:12 AM, Frederick Luehring <luehring@indiana.edu> wrote:
>
> Hi Everyone,
>
> Since there has been a certain amount of excitement about the consequences
> of buffer overflows in recent days, I would like to point out a possible problem I
> discovered when following the instructions to compile OpenAFS on Mac OS X. I
> guess you know of this but just in case, if you follow the instructions at:
>
> http://www.openafs.org/macos.html
>
> it sets the enable-checking flag which almost immediately finds:
>
> gcc -Os -I/Users/luehring/openafs-1.6.6/src/config
> -I/Users/luehring/openafs-1.6.6/include -I. -I. -Os -Wall
> -Wstrict-prototypes -Wold-style-definition -Wpointer-arith -Wall
> -Wstrict-prototypes -Wold-style-definition -Werror -fdiagnostics-show-option
> -Wpointer-arith -arch i386 -arch x86_64 -c cmd.c
> cmd.c:46:30: error: the value of the size argument in 'strncat' is too large,
> might lead to a buffer overflow [-Werror,-Wstrncat-size]
> strncat(tbuffer, a2, sizeof(tbuffer));
> ^~~~~~~~~~~~~~~
> cmd.c:46:30: note: change the argument to be the free space in the destination
> buffer minus the terminating null byte
> strncat(tbuffer, a2, sizeof(tbuffer));
> ^~~~~~~~~~~~~~~
> sizeof(tbuffer) - strlen(tbuffer) - 1
> 1 error generated.
> make[3]: *** [cmd.o] Error 1
> make[2]: *** [cmd] Error 2
> make[1]: *** [build] Error 2
> make: *** [all] Error 2
>
> Those instructions also set "--with-krb5-conf=/usr/bin/krb5-config" which
> seems to be unrecognized. I guess this is because Kerberos version 4 is
> completely dead and the flag is no longer needed.
>
> Fred
> --
> Fred Luehring Indiana U. HEP mailto:luehring@indiana.edu +1 812 855 1025 IU
> http://cern.ch/Fred.Luehring mailto:Fred.Luehring@cern.ch +41 22 767 1166 CERN
> http://cern.ch/Fred.Luehring/Luehring_pub.asc +1 812 391 0225 GSM
>
> --
> D
--
Fred Luehring Indiana U. HEP mailto:luehring@indiana.edu +1 812 855 1025 IU
http://cern.ch/Fred.Luehring mailto:Fred.Luehring@cern.ch +41 22 767 1166 CERN
http://cern.ch/Fred.Luehring/Luehring_pub.asc +1 812 391 0225 GSM
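
The -Wstrncat-size diagnostic quoted above, worked through as an added example (not OpenAFS code and not part of the original messages): it compares the flagged size argument with the bound from the compiler note and wraps the corrected call in a helper that reports truncation. The 16-byte buffer, the sample strings and the helper names are assumptions; only the `strncat(tbuffer, a2, sizeof(tbuffer))` call and the suggested bound come from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Bytes strncat(dst, src, n) stores after dst's current contents:
 * at most n characters of src, plus the terminating NUL it always adds. */
static size_t strncat_write_len(const char *src, size_t n)
{
    size_t len = strlen(src);
    return (len < n ? len : n) + 1;
}

/* 1 if strncat(dst, src, n) would write past the end of a cap-byte dst. */
static int would_overflow(const char *dst, size_t cap, const char *src, size_t n)
{
    return strncat_write_len(src, n) > cap - strlen(dst);
}

/* Append using the bound from the compiler note. Returns 0 if all of src
 * fit, -1 if it was truncated or dst has no NUL within cap bytes. */
static int append_bounded(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    if (end == NULL)
        return -1;
    size_t room = cap - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

int main(void)
{
    char tbuffer[16] = "abcdefgh";   /* constructed: 8 of 16 bytes in use */
    const char *a2 = "0123456789";   /* constructed: 10-character argument */

    /* The flagged call: the size argument is the whole buffer. */
    printf("n = sizeof(tbuffer):   overflow=%d\n",
           would_overflow(tbuffer, sizeof(tbuffer), a2, sizeof(tbuffer)));
    /* The bound from the note: free space minus the terminating NUL. */
    printf("n = free space - 1:    overflow=%d\n",
           would_overflow(tbuffer, sizeof(tbuffer), a2,
                          sizeof(tbuffer) - strlen(tbuffer) - 1));
    int rc = append_bounded(tbuffer, sizeof(tbuffer), a2);
    printf("append_bounded rc=%d tbuffer=\"%s\"\n", rc, tbuffer);
    return 0;
}
```

With the corrected bound the append is truncated rather than overflowing, so callers that care about the full string have to check the return value.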