Michael Bienia wrote:
> Hello,

Hi,

> libnet-arp-perl fails to build in Ubuntu karmic because of a buffer
> overflow in get_mac_linux():
>
> t/get_mac........*** buffer overflow detected ***: /usr/bin/perl terminated
> ======= Backtrace: =========
> /lib/libc.so.6(__fortify_fail+0x4b)[0x4014c97b]
> /lib/libc.so.6[0x4014a9c0]
> /lib/libc.so.6(__strcpy_chk+0x44)[0x40149cf4]
> /build/buildd/libnet-arp-perl-1.0.3/blib/arch/auto/Net/ARP/ARP.so(get_mac_linux+0x7c)[0x401e2afc]
> /build/buildd/libnet-arp-perl-1.0.3/blib/arch/auto/Net/ARP/ARP.so(XS_Net__ARP_get_mac+0x1d5)[0x401e1d15]
> /usr/bin/perl(Perl_pp_entersub+0x552)[0x80b3c92]
> /usr/bin/perl(Perl_runops_standard+0x19)[0x80b2069]
> /usr/bin/perl(perl_run+0x2e0)[0x80b04d0]
> /usr/bin/perl(main+0xed)[0x8063ebd]
> /lib/libc.so.6(__libc_start_main+0xe5)[0x4007c775]
> /usr/bin/perl[0x8063d31]
>
> The upstream "Changes" file talks about a fix for a buffer overflow in
> get_mac_linux() but when I compared the version 1.0.2 and 1.0.3 (or even
> 1.0.4) I couldn't find any changes for this.

Yes, I mentioned it on CPAN:
http://rt.cpan.org:80/Public/Bug/Display.html?id=45126
and unfortunately this has not been fixed in 1.04.

The patch I submitted made rather minimal changes (only wanted to fix my
problem without updating anything else), but I sent upstream another patch
with more changes which fixed this in a better way along with other stuff.
I am still waiting for a reply. :)

> Attached is a small patch which fixes this by ensuring that not more
> data is copied into the interface name buffer than fits in.

+- strcpy(iface.ifr_name,dev);
++ strncpy(iface.ifr_name, dev, IFNAMSIZ);
++ iface.ifr_name[IFNAMSIZ] = '\0';

You may want to use this instead:

+- strcpy(iface.ifr_name,dev);
++ strncpy(iface.ifr_name, dev, IFNAMSIZ);
++ iface.ifr_name[IFNAMSIZ-1] = '\0';

I will add a patch this weekend to fix all the overflows.

Regards,

-- 
Franck Joncourt
http://debian.org - http://smhteam.info/wiki/
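Review bot: In the first version of the hunk, `iface.ifr_name[IFNAMSIZ] = '\0';` writes one byte past the end of the buffer: ifr_name is a char array of IFNAMSIZ bytes, so its last valid index is IFNAMSIZ-1. This replaces the unbounded strcpy with a fixed one-byte out-of-bounds write into whatever follows ifr_name in struct ifreq. The terminator belongs at `iface.ifr_name[IFNAMSIZ-1]`, as in the second version quoted in the reply.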
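Review bot: In the second version, `strncpy(iface.ifr_name, dev, IFNAMSIZ);` followed by `iface.ifr_name[IFNAMSIZ-1] = '\0';` stays in bounds, but a dev string of IFNAMSIZ characters or more is silently truncated, so whatever get_mac_linux() does with iface afterwards uses a shortened name that may not be the interface the caller asked for. Consider checking `strlen(dev) >= IFNAMSIZ` before the copy and returning an error in that case instead of truncating.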