ofalk / libdnet

libdnet provides a simplified, portable interface to several low-level networking routines.

Conflicting parameter types of strlcpy, strlcat to cause undefined behaviour #68

Closed florianernst closed 2 years ago

florianernst commented 2 years ago

Hello there,

the following bug report is a forward from the Debian BugTrackingSystem:

During a rebuild of all packages in a clean sid chroot (and cowbuilder+pbuilder) the build failed with the following error. Please note that we use our research compiler tool-chain (using tools from the cbmc package), which permits extended reporting on type inconsistencies at link time.

    [...]
    libtool: link: gcc -shared -fPIC -DPIC .libs/addr-util.o .libs/addr.o .libs/blob.o .libs/ip-util.o .libs/ip6.o .libs/rand.o .libs/strlcat.o .libs/strlcpy.o .libs/arp-ioctl.o .libs/eth-linux.o .libs/fw-none.o .libs/intf.o .libs/ip.o .libs/route-linux.o .libs/tun-linux.o -O2 -Wl,-soname -Wl,libdumbnet.so.1 -o .libs/libdumbnet.so.1.0.1

    error: conflicting function declarations "strlcpy"
    old definition in module strlcpy file strlcpy.c line 43
    unsigned long int (char *dst, const char *src, unsigned long int siz)
    new definition in module arp-ioctl file ../include/config.h line 297
    signed int (char *, const char *, signed int)
    Makefile:399: recipe for target 'libdumbnet.la' failed
    make[2]: *** [libdumbnet.la] Error 64
    make[2]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-libdumbnet/libdumbnet-1.12/src'
    Makefile:460: recipe for target 'all-recursive' failed

While only the first error is reported, the following similarly holds for strlcat: The declarations in config.h.in need to use size_t as type of the last argument as all systems with sizeof(size_t)>sizeof(int) may see arbitrary values for the high bytes of the argument. Consequently strlcpy/strlcat may overflow. Likely this is not remote controllable, but security considerations should apply.

Cheers, Flo
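
Added example, not part of the original report or of libdnet's code: a C11 compile-time check that rejects the int-based prototype quoted in the link error, together with a simplified model of how a callee expecting size_t can see a much larger bound than the caller passed. The names cfg_strlcpy, impl_strlcpy, STRL_PROTO_OK and the two helper functions are hypothetical, and the 64-bit argument-slot model is an assumption for illustration, not a description of a specific compiler or ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; prototypes mirror the two quoted in the link error. */
int    cfg_strlcpy(char *, const char *, int);               /* config.h form */
size_t impl_strlcpy(char *dst, const char *src, size_t siz); /* strlcpy.c form */

/* 1 if fn has exactly the size_t-based prototype, else 0 (C11 _Generic). */
#define STRL_PROTO_OK(fn) \
    _Generic(&(fn), size_t (*)(char *, const char *, size_t): 1, default: 0)

/* Build-time guard: the same assertion on cfg_strlcpy would stop the build. */
_Static_assert(STRL_PROTO_OK(impl_strlcpy), "strlcpy size must be size_t");

/* Simplified strlcpy: copy at most siz-1 bytes, NUL-terminate, return strlen(src). */
size_t impl_strlcpy(char *dst, const char *src, size_t siz)
{
    size_t len = strlen(src);
    if (siz != 0) {
        size_t n = len < siz - 1 ? len : siz - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Model only: the caller defines the low 32 bits of a 64-bit argument slot,
 * the callee reads all 64 as its size. `stale` is the slot's prior content. */
uint64_t size_seen_by_callee(uint64_t stale, int siz)
{
    return (stale & 0xFFFFFFFF00000000ull) | (uint32_t)siz;
}

/* Does the size the callee sees still fit a destination of cap bytes? */
int bound_still_holds(uint64_t stale, int siz, size_t cap)
{
    return size_seen_by_callee(stale, siz) <= cap;
}

int main(void)
{
    char buf[8];
    printf("source length %zu, copied \"%s\"\n",
           impl_strlcpy(buf, "libdumbnet", sizeof buf), buf);
    printf("clean slot: %d, stale slot: %d\n", bound_still_holds(0, 16, 16),
           bound_still_holds(0x100000000ull, 16, 16)); /* constructed values */
    return 0;
}
```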

ofalk commented 2 years ago

Valid point, but I have the following problem: strlcpy (and others) seem to come from libbsd. According to the docs, it's not part of GNU libc and I guess it should be replaced with others - see also:

https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/ch01s02s03s05.html

However, to be honest, I cannot estimate the effort to dig into all occurrences and update it accordingly. Which doesn't mean I don't want to fix it, but time is very limited.

ofalk commented 2 years ago

Please have a look at the new branch, where I tried removing the local versions of strl* and strsep: https://github.com/ofalk/libdnet/commit/58d3a7915104bb1d6605c8ddc484fc5951546ca9

ofalk commented 2 years ago

New release 1.16 removes the local versions of strl*.