Libo Chen authored
break running ./crtools check:

*** buffer overflow detected ***: ./crtools terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fdaacb3e82c]
/lib/x86_64-linux-gnu/libc.so.6(+0x109700)[0x7fdaacb3d700]
./crtools[0x423d00]
./crtools[0x41d021]
./crtools[0x41d259]
./crtools[0x41e4b6]
./crtools[0x418f03]
./crtools[0x404988]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7fdaaca5576d]
./crtools[0x404ad9]
======= Memory map: ========
00400000-00463000 r-xp 00000000 08:01 189158 /home/clb/crtools/crtools
00662000-00663000 r--p 00062000 08:01 189158 /home/clb/crtools/crtools
00663000-00671000 rw-p 00063000 08:01 189158 /home/clb/crtools/crtools
00671000-00677000 rw-p 00000000 00:00 0
01801000-01822000 rw-p 00000000 00:00 0 [heap]
7fdaac81e000-7fdaac833000 r-xp 00000000 08:01 410533 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fdaac833000-7fdaaca32000 ---p 00015000 08:01 410533 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fdaaca32000-7fdaaca33000 r--p 00014000 08:01 410533 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fdaaca33000-7fdaaca34000 rw-p 00015000 08:01 410533 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fdaaca34000-7fdaacbe9000 r-xp 00000000 08:01 393459 /lib/x86_64-linux-gnu/libc-2.15.so
7fdaacbe9000-7fdaacde8000 ---p 001b5000 08:01 393459 /lib/x86_64-linux-gnu/libc-2.15.so
7fdaacde8000-7fdaacdec000 r--p 001b4000 08:01 393459 /lib/x86_64-linux-gnu/libc-2.15.so
7fdaacdec000-7fdaacdee000 rw-p 001b8000 08:01 393459 /lib/x86_64-linux-gnu/libc-2.15.so
7fdaacdee000-7fdaacdf3000 rw-p 00000000 00:00 0
7fdaacdf3000-7fdaace03000 r-xp 00000000 08:01 937695 /usr/local/lib/libprotobuf-c.so.0.0.0
7fdaace03000-7fdaad002000 ---p 00010000 08:01 937695 /usr/local/lib/libprotobuf-c.so.0.0.0
7fdaad002000-7fdaad003000 r--p 0000f000 08:01 937695 /usr/local/lib/libprotobuf-c.so.0.0.0
7fdaad003000-7fdaad004000 rw-p 00010000 08:01 937695 /usr/local/lib/libprotobuf-c.so.0.0.0
7fdaad004000-7fdaad01c000 r-xp 00000000 08:01 393528 /lib/x86_64-linux-gnu/libpthread-2.15.so
7fdaad01c000-7fdaad21b000 ---p 00018000 08:01 393528 /lib/x86_64-linux-gnu/libpthread-2.15.so
7fdaad21b000-7fdaad21c000 r--p 00017000 08:01 393528 /lib/x86_64-linux-gnu/libpthread-2.15.so
7fdaad21c000-7fdaad21d000 rw-p 00018000 08:01 393528 /lib/x86_64-linux-gnu/libpthread-2.15.so
7fdaad21d000-7fdaad221000 rw-p 00000000 00:00 0
7fdaad221000-7fdaad243000 r-xp 00000000 08:01 393441 /lib/x86_64-linux-gnu/ld-2.15.so
7fdaad437000-7fdaad43b000 rw-p 00000000 00:00 0
7fdaad440000-7fdaad443000 rw-p 00000000 00:00 0
7fdaad443000-7fdaad444000 r--p 00022000 08:01 393441 /lib/x86_64-linux-gnu/ld-2.15.so
7fdaad444000-7fdaad446000 rw-p 00023000 08:01 393441 /lib/x86_64-linux-gnu/ld-2.15.so
7fff9eb3c000-7fff9eb5d000 rw-p 00000000 00:00 0 [stack]
7fff9ebcf000-7fff9ebd1000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

I found this overflow at this phrase:

memcpy(sd->groups, groups, sd->gsize);

The reason is that sd->gsize = 8 bytes, but sd->groups = xmalloc(sizeof(sd->gsize)) is exactly 4 bytes.

Signed-off-by: Libo Chen <libo.chen@huawei.com>
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Acked-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
e3101c8e
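The sizeof mix-up the commit message describes, shown as an added C example that is not crtools code: a hypothetical struct with a 32-bit gsize field reproduces the 4-byte allocation, and a guarded copy refuses the memcpy that FORTIFY_SOURCE aborted on at runtime. The struct, function names and sample payload are all constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the crtools structure named in the commit message.
 * gsize is a 32-bit byte count, so sizeof(sd->gsize) is always 4 regardless of
 * how many bytes the caller actually intends to copy. */
struct sd_groups {
    uint32_t gsize;
    void *groups;
};

/* Buggy pattern from the commit message: allocates sizeof(the length field),
 * i.e. 4 bytes, instead of gsize bytes. Returns the allocated length. */
static size_t alloc_groups_buggy(struct sd_groups *sd) {
    sd->groups = malloc(sizeof(sd->gsize));
    return sizeof(sd->gsize);
}

/* Fixed pattern: size the buffer by the value of gsize. */
static size_t alloc_groups_fixed(struct sd_groups *sd) {
    sd->groups = malloc(sd->gsize);
    return sd->gsize;
}

/* Guarded copy: refuse when the destination is smaller than the copy length,
 * which is the condition the FORTIFY_SOURCE abort in the report caught at
 * runtime. Returns 1 when the copy was performed, 0 when it was refused. */
static int copy_groups_checked(struct sd_groups *sd, size_t alloc_len,
                               const void *src) {
    if (sd->groups == NULL || sd->gsize > alloc_len)
        return 0;
    memcpy(sd->groups, src, sd->gsize);
    return 1;
}

/* Runs one scenario: allocate with the buggy or fixed pattern for a given
 * gsize, attempt the guarded copy, and report whether it was allowed. */
int groups_copy_allowed(uint32_t gsize, int use_fixed) {
    static const uint8_t src[64] = { 0xAB }; /* constructed sample payload */
    if (gsize > sizeof src)
        return 0; /* keep the sample source in bounds */
    struct sd_groups sd = { .gsize = gsize, .groups = NULL };
    size_t alloc_len = use_fixed ? alloc_groups_fixed(&sd)
                                 : alloc_groups_buggy(&sd);
    int ok = copy_groups_checked(&sd, alloc_len, src);
    free(sd.groups);
    return ok;
}
```

With gsize = 2 the buggy allocation happens to be large enough, which is why a sizeof-of-the-wrong-thing bug can stay latent until a larger group set is checkpointed.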