data off the wire never makes it there, so there should be no privilege
escalation. you may be able to crash something you ran yourself.

we'll check it out, though. still not good, just not likely to have
security implications.

and the krb5 option changes in configure. that page needs a refresh.


On Mon, Apr 21, 2014 at 11:12 AM, Frederick Luehring
<luehr...@indiana.edu> wrote:

> Hi Everyone,
>
>     Since there has been a certain amount of excitement about the
> consequences of buffer overflows in recent days, I would like to point
> out a possible problem I discovered when following the instructions to
> compile OpenAFS on Mac OS X. I guess you know of this, but just in case:
> if you follow the instructions at:
>
> http://www.openafs.org/macos.html
>
> it sets the enable-checking flag which almost immediately finds:
>
> gcc  -Os -I/Users/luehring/openafs-1.6.6/src/config -I/Users/luehring/openafs-1.6.6/include -I. -I.   -Os -Wall -Wstrict-prototypes -Wold-style-definition -Wpointer-arith -Wall -Wstrict-prototypes -Wold-style-definition -Werror -fdiagnostics-show-option -Wpointer-arith -arch i386 -arch x86_64  -c cmd.c
> cmd.c:46:30: error: the value of the size argument in 'strncat' is too large, might lead to a buffer overflow [-Werror,-Wstrncat-size]
>         strncat(tbuffer, a2, sizeof(tbuffer));
>                              ^~~~~~~~~~~~~~~
> cmd.c:46:30: note: change the argument to be the free space in the destination buffer minus the terminating null byte
>         strncat(tbuffer, a2, sizeof(tbuffer));
>                              ^~~~~~~~~~~~~~~
>                              sizeof(tbuffer) - strlen(tbuffer) - 1
> 1 error generated.
> make[3]: *** [cmd.o] Error 1
> make[2]: *** [cmd] Error 2
> make[1]: *** [build] Error 2
> make: *** [all] Error 2
>
> Those instructions also set "--with-krb5-conf=/usr/bin/krb5-config" which
> seems to be unrecognized. I guess this is because kerberos version 4 is
> completely dead and the flag is no longer needed.
>
> Fred
> --
> Fred Luehring Indiana U. HEP mailto:luehr...@indiana.edu  +1 812 855 1025 IU
> http://cern.ch/Fred.Luehring mailto:fred.luehr...@cern.ch +41 22 767 1166 CERN
> http://cern.ch/Fred.Luehring/Luehring_pub.asc             +1 812 391 0225 GSM
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>


-- 
D
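The strncat misuse the compiler flagged in the quoted build, shown as an added example that is not code from OpenAFS or from this thread: strncat's size argument bounds the bytes appended from the source, not the destination, so passing sizeof(tbuffer) lets the call write past the buffer whenever tbuffer already holds data. The helpers below compute what strncat would write and apply the bound the diagnostic suggests; the 16-byte buffer and the strings are constructed sample values.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Total bytes dst must hold after strncat(dst, src, n): the existing
 * content, up to n bytes of src, and the terminating NUL. */
size_t strncat_required(size_t dst_len, size_t src_len, size_t n)
{
    size_t copied = src_len < n ? src_len : n;
    return dst_len + copied + 1;
}

/* 1 if strncat(dst, src, n) would overflow a dst of dst_cap bytes. */
int strncat_overflows(size_t dst_cap, size_t dst_len, size_t src_len, size_t n)
{
    return strncat_required(dst_len, src_len, n) > dst_cap;
}

/* Append src to dst using the bound from the diagnostic: free space minus
 * the NUL. Never writes past dst_cap (caller ensures strlen(dst) < dst_cap).
 * Returns 1 if src fit whole, 0 if it was truncated. */
int append_bounded(char *dst, size_t dst_cap, const char *src)
{
    size_t used = strlen(dst);
    size_t room = dst_cap - used - 1;
    strncat(dst, src, room);
    return strlen(src) <= room;
}

/* Demo helper: seed a fresh 16-byte buffer (constructed, stands in for
 * cmd.c's tbuffer) with init, append src safely, return the final length. */
size_t bounded_len16(const char *init, const char *src)
{
    char buf[16];
    snprintf(buf, sizeof buf, "%s", init);
    append_bounded(buf, sizeof buf, src);
    return strlen(buf);
}

int main(void)
{
    char tbuffer[16] = "cmd ";                 /* constructed sample */
    const char *a2 = "a-long-argument-string"; /* constructed, 22 bytes */
    /* The cmd.c pattern: the bound equals sizeof(tbuffer). */
    printf("sizeof(tbuffer) as bound overflows: %d\n",
           strncat_overflows(sizeof tbuffer, strlen(tbuffer), strlen(a2), sizeof tbuffer));
    append_bounded(tbuffer, sizeof tbuffer, a2);
    printf("bounded append: \"%s\" (%zu bytes)\n", tbuffer, strlen(tbuffer));
    return 0;
}
```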
