https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68069
Bug ID: 68069
Summary: -fstack-protector-strong does not protect from buffer
overflow attack
Product: gcc
Version: 4.9.3
Status: UNCONFIRMED
Severity: major
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: milosvova at gmail dot com
Target Milestone: ---
Created attachment 36567
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=36567&action=edit
Vulnerable program
I've implemented a very short and simple program that illegally calls a function
using a buffer overflow attack. First, I compiled it with -fno-stack-protector
and it worked. Then I enabled the stack protector and found out that my snippet is
still able to illegally call the function.
Steps to reproduce:
1) Copy source.c from attachment
2) Compile the source: gcc -O0 -fstack-protector-strong source.c -o test
3) Run the program: ./test
4) Input any number, press enter, input the number printed above, press enter,
input 10, press enter
5) If "In f2()" was printed, -fstack-protector-strong has failed to detect the
attack.
My GCC version: gcc (Gentoo 4.9.3 p1.2, pie-0.6.3) 4.9.3
The output of gcc -Q -v test.c -o test_stack and my program source will be
attached.
As my bug (if confirmed) is connected to serious security issues, I'm setting
severity to "major".