another SSP bug? (Re: userland ppp ("No context" errors))

YONETANI Tomokazu qhwt+dfly at les.ath.cx
Mon Jun 19 03:11:05 PDT 2006


(bringing an old mail from users@)
On Thu, Feb 09, 2006 at 12:48:06PM +0000, Francis Gudin wrote:
> about compilation flags, i use the following:
>   CCVER=          gcc34
>   CFLAGS=         -Os -pipe
>   COPTFLAGS=      -Os -pipe
>   CPUTYPE=        i686
> 
> I checked ppp.conf for weird chars but nothing came out:
>   aimable# tr '[\200-\377]' @ < /mnt/etc/ppp/ppp.conf | diff -u -
>   /mnt/etc/ppp/ppp.conf
>   aimable#  
> 
> I will try to recompile ppp with '-O -pipe' only and report if things
> are different. I must leave for two days: results by saturday/sunday.

This seems like another stack-smash-protector bug and still lives
in our compiler, only triggered when you use -O(s|[2-9]) flags AND
-march flag (which defaults to pentiumpro).

If you do one of the following and the problem disappears:
 - add -fno-stack-smash-protector to CFLAGS
 - change prefix[] in function FindExec() shown below to a static array
   so that there's no char array among the local variables. A char array
   of size more than 8 bytes on the stack can trigger the bug.

%%%
static int
FindExec(struct bundle *bundle, struct cmdtab const *cmds, int argc, int argn,
         char const *const *argv, struct prompt *prompt, struct datalink *cx)
{
  struct cmdtab const *cmd;
  int val = 1;
  int nmatch;
  struct cmdargs arg;
  char prefix[100];
%%%

I haven't managed to trim down the source code to a handy size yet.
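As an added illustration (not code from the ppp source or from this thread): the two storage choices the mail contrasts, a char array larger than 8 bytes in the stack frame versus a static array, written as a small command-prefix builder. It also shows the cost of the static workaround that a practitioner should weigh: the buffer is shared across calls, so the function is no longer reentrant. The function names prefix_on_stack, prefix_in_static and join_words, and the sample argv, are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PREFIX_LEN 100   /* same size as prefix[] in FindExec() */

/* Join argv[0..argn) with single spaces into dst (dstlen bytes), always
   NUL-terminating when dstlen > 0. Returns the length the full string would
   have, so a caller can detect truncation the way it would with snprintf(). */
static size_t join_words(char *dst, size_t dstlen, const char *const *argv, int argn)
{
    size_t used = 0;
    if (dstlen)
        dst[0] = '\0';
    for (int i = 0; i < argn; i++) {
        size_t room = used < dstlen ? dstlen - used : 0;
        char *at = used < dstlen ? dst + used : dst + dstlen;
        int n = snprintf(at, room, "%s%s", i ? " " : "", argv[i]);
        if (n < 0)
            break;
        used += (size_t)n;
    }
    return used;
}

/* Stack variant, the shape of FindExec(): a 100-byte char array in the frame.
   This is what the stack-smash protector instruments with a canary, and the
   layout the mail says is needed to trigger the miscompile at -Os/-O2 with
   -march set. */
size_t prefix_on_stack(const char *const *argv, int argn, char *out, size_t outlen)
{
    char prefix[PREFIX_LEN];
    size_t len = join_words(prefix, sizeof prefix, argv, argn);
    snprintf(out, outlen, "%s", prefix);
    return len;
}

/* Static variant, the mail's suggested workaround: no char array in the
   frame, so nothing for the protector to guard. The cost is that every call
   returns the same storage, so the function is no longer reentrant. */
const char *prefix_in_static(const char *const *argv, int argn)
{
    static char prefix[PREFIX_LEN];
    join_words(prefix, sizeof prefix, argv, argn);
    return prefix;
}

/* Constructed sample command line (an assumption, not from any ppp.conf). */
static const char *const sample_argv[] = { "set", "device", "/dev/cuaa0" };
static const int sample_argn = 3;

/* Length of the joined sample via the stack variant (21 for the sample above). */
size_t demo_stack_len(void)
{
    char out[PREFIX_LEN];
    return prefix_on_stack(sample_argv, sample_argn, out, sizeof out);
}

/* 1 if both variants produce the identical prefix string for the sample. */
int demo_variants_agree(void)
{
    char out[PREFIX_LEN];
    prefix_on_stack(sample_argv, sample_argn, out, sizeof out);
    return strcmp(out, prefix_in_static(sample_argv, sample_argn)) == 0;
}

/* 1 if the static variant's earlier result is clobbered by a later call:
   both pointers are the same storage and the first now reads as "dial". */
int demo_static_aliases(void)
{
    static const char *const second[] = { "dial" };
    const char *p1 = prefix_in_static(sample_argv, sample_argn);
    const char *p2 = prefix_in_static(second, 1);
    return p1 == p2 && strcmp(p1, "dial") == 0;
}

int main(void)
{
    printf("stack variant length: %zu\n", demo_stack_len());
    printf("variants agree: %d, static result aliased: %d\n",
           demo_variants_agree(), demo_static_aliases());
    return 0;
}
```

To probe a toolchain the way the mail suggests, build this file once with the mail's -Os and -march flags and once with the stack protector turned off, and compare whether demo_variants_agree() still reports 1 in both builds. This sample is not the ppp reproducer the mail says could not yet be trimmed down; it only fixes the frame shape the report describes.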




