Bug 836931 - glibc: warn() is not protected by FORTIFY_SOURCE format string protection
glibc: warn() is not protected by FORTIFY_SOURCE format string protection
Status: NEW
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: glibc team
Fedora Extras Quality Assurance
: FutureFeature, Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-02 04:45 EDT by Huzaifa S. Sidhpurwala
Modified: 2017-01-19 15:30 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-07-06 05:28:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Huzaifa S. Sidhpurwala 2012-07-02 04:45:52 EDT
While looking into some format string issue, i found that the warn() function does not seem to be protected by the glibc FORTIFY_SOURCE Format string protection mechanism.

Here is a simple example to prove my point:

[huzaifas@babylon ~]$ cat warn1.c 
#include <stdio.h>
#include <err.h>

void main(int argc, char *argv[])
{
warn(argv[1]);
//printf(argv[1]);
}

[huzaifas@babylon ~]$ gcc -O -g -D_FORTIFY_SOURCE=2 -o warn warn1.c
[huzaifas@babylon ~]$ cat print.c 
#include <stdio.h>
#include <err.h>

void main(int argc, char *argv[])
{
//warn(argv[1]);
printf(argv[1]);
}
[huzaifas@babylon ~]$ gcc -O -g -D_FORTIFY_SOURCE=2 -o print print.c

[huzaifas@babylon ~]$ ./warn "%100s%n"
warn:                                                                                               ?&#9646;&#65533;: Segmentation fault
[huzaifas@babylon ~]$ ./print "%100s%n"
*** %n in writable segment detected ***
                                                                                              L&#65533;|&#65533;Aborted
[huzaifas@babylon ~]$
Comment 3 Stefan Cornelius 2012-07-06 05:28:23 EDT
The relevant functions were never meant to be protected by fortify source, so from a security point of view, this is an enhancement only. Since fixing this would break the ABI, we need to work with upstream to see if a protection for these functions can be included in future versions.

In order to track this issue, I've filed a new, non-security bug for glibc in #838050.
Comment 4 Stefan Cornelius 2012-07-09 07:26:05 EDT

*** This bug has been marked as a duplicate of bug 838050 ***

Note You need to log in before you can comment on or make changes to this bug.