Package: acl
Version: 2.3.1-4
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu noble ubuntu-patch

Hi Guillem,

It appears that something in the latest update of hardening flags in Ubuntu noble now causes the package to fail to build, with both a compiler warning about a buffer overflow, and runtime failures of getfacl because it trips glibc's buffer overflow detection:

[...]
In function 'strcpy',
    inlined from '__acl_to_any_text' at libacl/__acl_to_any_text.c:90:3:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:79:10: warning: '__builtin___strcpy_chk' writing 1 or more bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
   79 |   return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest));
      |          ^
[...]
FAIL: test/cp
=============
[...]
[28] $ getfacl --omit-header h/x -- failed
*** buffer overflow detected ***: terminated != user::rw-
~ != user:bin:rwx
~ != group::r--
~ != mask::rwx
~ != other::r--
~ !=
[...]

(https://launchpad.net/ubuntu/+source/acl/2.3.1-4/+build/27588829)

This traces back to a use of a 0-length array in a struct as a flexible variable-length array, which confuses the compiler's + glibc's string hardening and results in a false-positive detection of a buffer overflow.

While this false-positive could be avoided by downgrading from _FORTIFY_SOURCE=3 back to _FORTIFY_SOURCE=2, that would also weaken our ability to detect actual bugs, so instead I've prepared the attached patch to make the flexible array implementation compatible with the gcc hardening implementation, as described at <https://people.kernel.org/kees/bounded-flexible-arrays-in-c>.

Thanks for considering,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

diff -Nru acl-2.3.1/debian/patches/flexible-array-bounds.patch acl-2.3.1/debian/patches/flexible-array-bounds.patch --- acl-2.3.1/debian/patches/flexible-array-bounds.patch 1969-12-31 16:00:00.000000000 -0800 +++ acl-2.3.1/debian/patches/flexible-array-bounds.patch 2024-01-04 13:52:50.000000000 -0800 @@ -0,0 +1,22 @@ +Description: Fix use of flexible array to allow proper bounds checking + As described at https://people.kernel.org/kees/bounded-flexible-arrays-in-c + we should not define flexible arrays as being an array with 0 members; this + prevents the compiler from doing proper bounds checking and build time, and + in our case with gcc-13 in Ubuntu results in a getfacl command that aborts + claiming that a buffer overflow has been detected. +Author: Steve Langasek <steve.langa...@ubuntu.com> +Forwarded: no +Last-Update: 2024-01-04 + +--- acl-2.3.1.orig/libacl/libobj.h ++++ acl-2.3.1/libacl/libobj.h +@@ -77,7 +77,8 @@ typedef struct string_obj_tag string_obj + + /* string object */ + struct __string_ext { +- char s_str[0]; ++ struct { } __unused_member1; ++ char s_str[]; + }; + struct string_obj_tag { + obj_prefix o_prefix; diff -Nru acl-2.3.1/debian/patches/series acl-2.3.1/debian/patches/series --- acl-2.3.1/debian/patches/series 2021-04-08 17:43:29.000000000 -0700 +++ acl-2.3.1/debian/patches/series 2024-01-04 13:50:12.000000000 -0800 @@ -7,3 +7,4 @@ man-setfacl-restore-stdin.patch getfacl-fix-uninitialized-variable.patch l10n-update-fr.patch +flexible-array-bounds.patch
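
Review bot: The added `struct { } __unused_member1;` in the libobj.h hunk has no comment explaining its purpose, and it needs one: it exists only because a flexible array member may not be the sole member of a struct, which a later reader cannot infer from the name. A single comment line above it would be enough, ideally also noting that an empty struct is a GNU C extension and so ties this header to gcc-compatible compilers. In the patch description, "bounds checking and build time" looks like a typo for "at build time". `Forwarded: no` is worth revisiting, since the change is to libacl's own libobj.h rather than to packaging, and sending it upstream would avoid carrying the delta.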
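
A layout check for the struct rewrite described in the report, as an added example that is not part of the original mail or of the acl source. `prefix_t`, the `ext_*`/`obj_*` names and the sample string are stand-ins chosen here (the real `obj_prefix` fields are not on the page), and the code relies on GNU C extensions, as the patched header does.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in: the real obj_prefix fields are not shown on the page. */
typedef struct { unsigned long p_magic; } prefix_t;

/* "-" side of the hunk: GNU zero-length array used as a trailing buffer. */
struct ext_old { char s_str[0]; };
struct obj_old { prefix_t o_prefix; struct ext_old i; };

/* "+" side: empty placeholder member followed by a C99 flexible array member.
 * The empty struct and nesting ext_new inside obj_new are GNU C extensions. */
struct ext_new { struct { } unused_member; char s_str[]; };
struct obj_new { prefix_t o_prefix; struct ext_new i; };

/* Returns 1 when the rewrite leaves object size and string offset unchanged. */
int layouts_match(void)
{
    return sizeof(struct ext_old) == sizeof(struct ext_new)
        && sizeof(struct obj_old) == sizeof(struct obj_new)
        && offsetof(struct obj_old, i.s_str) == offsetof(struct obj_new, i.s_str);
}

/* Allocates the header plus strlen(text)+1 bytes, so the storage behind
 * s_str really is large enough for the copy that follows. Caller frees. */
struct obj_new *obj_new_from(const char *text)
{
    size_t len = strlen(text);
    struct obj_new *o = malloc(offsetof(struct obj_new, i.s_str) + len + 1);
    if (o == NULL)
        return NULL;
    o->o_prefix.p_magic = 0;
    memcpy(o->i.s_str, text, len + 1);   /* explicit length, NUL included */
    return o;
}

int main(void)
{
    struct obj_new *o = obj_new_from("user::rw-");   /* constructed sample */
    printf("layouts match: %d\n", layouts_match());
    printf("stored: %s\n", o ? o->i.s_str : "(alloc failed)");
    free(o);
    return 0;
}
```

Matching sizes and offsets mean the change alters only what the compiler believes about the bounds of `s_str`, not where the bytes live.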