tar segfaults (busybox 1.8.1)

Tito farmatito at tiscali.it
Fri Nov 16 13:19:33 UTC 2007


On Friday 16 November 2007 13:34:25 Alexander Griesser wrote:
> Denys Vlasenko wrote:
> >> CONFIG_FEATURE_SHADOWPASSWDS=y
> >> CONFIG_USE_BB_SHADOW=y
> >> CONFIG_USE_BB_PWD_GRP=y
> >
> > Try switching these off (it will make you use glibc routines).
> 
> Still no joy:
> 
> -----------------
> tuxx at vi-edv003:~/busybox/busybox-1.8.1$ egrep "CONFIG_(FEATURE_SHADOW|USE_BB)" .config
> # CONFIG_FEATURE_SHADOWPASSWDS is not set
> # CONFIG_USE_BB_SHADOW is not set
> # CONFIG_USE_BB_PWD_GRP is not set
> 
> 
> And of course I started `make` after doing the modifications to .config.
> 
> ------------
> tuxx at vi-edv003:~/busybox/busybox-1.8.1$ ./busybox tar cf test.tar a s d
> *** buffer overflow detected ***: ./busybox terminated
> ======= Backtrace: =========
> /lib/libc.so.6(__chk_fail+0x44)[0xb7eb8dd4]
> /lib/libc.so.6(__strcpy_chk+0x49)[0xb7eb8249]
> ./busybox[0x807122c]
> [0x805]
> Aborted
> tuxx at vi-edv003:~/busybox/busybox-1.8.1$
> 
> 
> ciao,

Hi,
by compiling the latest svn I get this warning:

  CC      archival/tar.o
archival/tar.c: In function ‘writeFileToTarball’:
archival/tar.c:183: warning: call to __builtin___strcpy_chk will always overflow destination buffer
  AR      archival/lib.a
  LINK    busybox_unstripped
Trying libraries: crypt m
Library crypt is needed
Library m is needed
Final link with: crypt m


and after changing the line 183 of tar.c

-	strcpy(hp->magic, "ustar  ");
+	strcpy(hp->magic, "ustar");
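Review bot: shortening the literal to "ustar" on the `+` line makes the copy fit `magic` (6 bytes including the NUL), but it also changes the bytes written to the archive header. The old literal is 8 bytes with its terminator, so it also filled the 2 bytes that follow `magic` at offsets 263-264; after this change those bytes keep whatever the header buffer already held. Before taking this, confirm which magic/version bytes tar readers are expected to see. If the 8-byte value is intended, keep it and write it with a copy sized to both fields (for example a memcpy of 8 bytes over `magic` and the field after it) rather than a strcpy into `magic` alone.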

there is no segfault due to the fact
that the size of hp->magic is

	char magic[6];            /* 257-262 */

root at localhost:~/Desktop/busybox#  touch a s d
root at localhost:~/Desktop/busybox#  ./busybox tar cf test.tar a s d
root at localhost:~/Desktop/busybox# ls -la test.tar
-rw-r--r-- 1 root root 2560 2007-11-16 14:15 test.tar


I cannot say if this fix is correct or if maybe it should be
done the other way by increasing the size of char magic
to 8.


Just my 0,02 EUR cents  :-)

Ciao,
Tito
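The two options weighed in the message above, as an added example that is not part of the original post or of BusyBox's code. It assumes the POSIX ustar layout, in which a 2-byte version field follows magic at offsets 263-264; the names `struct ustar_id`, `set_id_oldgnu`, `set_id_posix` and `classify_id` are hypothetical. Each identifier is written with a size-checked memcpy, so the 8-byte old GNU value never goes through strcpy into a 6-byte field.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (POSIX ustar): only the two identifier fields are shown. */
struct ustar_id {
    char magic[6];    /* 257-262 */
    char version[2];  /* 263-264 */
};

/* Old GNU tar identifier: "ustar", two spaces and a NUL, 8 bytes in total. */
#define OLDGNU_ID "ustar  "

/* Compile-time checks: a size mismatch fails the build, not the run. */
_Static_assert(sizeof(struct ustar_id) == 8, "no padding expected");
_Static_assert(offsetof(struct ustar_id, version) == 6, "version follows magic");
_Static_assert(sizeof(OLDGNU_ID) == sizeof(struct ustar_id),
               "old GNU id must span magic+version exactly");
_Static_assert(sizeof("ustar") == sizeof(((struct ustar_id *)0)->magic),
               "POSIX magic must fill magic[] exactly");

/* Old GNU form: one copy over both fields, bounded by the struct size. */
static void set_id_oldgnu(struct ustar_id *id)
{
    memcpy(id, OLDGNU_ID, sizeof *id);
}

/* POSIX form: "ustar\0" in magic, "00" (not NUL-terminated) in version. */
static void set_id_posix(struct ustar_id *id)
{
    memcpy(id->magic, "ustar", sizeof id->magic);
    memcpy(id->version, "00", sizeof id->version);
}

/* Returns 1 for the old GNU identifier, 2 for POSIX ustar, 0 otherwise. */
static int classify_id(const struct ustar_id *id)
{
    if (memcmp(id, OLDGNU_ID, sizeof *id) == 0)
        return 1;
    if (memcmp(id->magic, "ustar", sizeof id->magic) == 0 &&
        memcmp(id->version, "00", sizeof id->version) == 0)
        return 2;
    return 0;
}

int main(void)
{
    struct ustar_id id;
    set_id_oldgnu(&id);
    printf("oldgnu -> %d\n", classify_id(&id));
    set_id_posix(&id);
    printf("posix  -> %d\n", classify_id(&id));
    return 0;
}
```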

 






