Disable using __sprintf_chk()

北战南征 提交于 2019-12-09 13:13:30

问题


I observe that a c++ program uses sprintf, where this sprintf implicitly invokes __sprintf_chk(). This __sprintf_chk() seems to check buffer overflow by examining stack frames.

For my research purpose, I wonder if it is possible to disable using __sprintf_chk()?


回答1:


Try to replace all calls to sprintf in your program from this:

 sprintf(params...);

into

 (sprintf)(params...);

This will disable any preprocessor-based sprintf-changing (* only if sprintf was changed using function-like macro like in the case of __sprintf_chk).

For gcc there are options -fno-stack-protector -fno-mudflap. May be also -D_FORTIFY_SOURCE=0 (for any glibc)

For Ubuntu and debian there are pages with security features list: http://wiki.debian.org/Hardening and https://wiki.ubuntu.com/Security/Features Some used compiler flags are listed here https://wiki.ubuntu.com/ToolChain/CompilerFlags

And there is a paper about SSP (stack-protector) and Fortify_source (glibc): http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt

PS: the same for __fgets_chk __gets_chk __printf_chk __fprintf_chk __vprintf_chk __vfprintf_chk __vsprintf_chk __wmemcpy_chk __wmemmove_chk __wmempcpy_chk __wmemset_chk __wcscpy_chk __wcpcpy_chk __wcsncpy_chk __wcpncpy_chk __wcscat_chk __wcsncat_chk __swprintf_chk __vswprintf_chk __fwprintf_chk __wprintf_chk __vfwprintf_chk __vwprintf_chk __fgetws_chk __wcrtomb_chk __mbsrtowcs_chk __wcsrtombs_chk __mbsnrtowcs_chk __wcsnrtombs_chk __memcpy_chk __memmove_chk __mempcpy_chk __memset_chk __strcpy_chk __strncpy_chk __stpncpy_chk __strcat_chk and some others




回答2:


This __sprintf_chk() seems to check buffer overflow by examining stack frames. ... For my research purpose, I wonder if it is possible to disable using __sprintf_chk()?

I believe that's from FORTIFY_SOURCE. There's quite a few functions guarded like that. I believe the following will work for you:

CFLAGS += -U_FORTIFY_SOURCE

Alternately, you might be able to:

CFLAGS += -D_FORTIFY_SOURCE=0

Related: if I encounter software in the field that disables FORTIFY_SOURCE, then I file a security defect against it. Its OK to disable ot for Debug and Testing, but its not appropriate for production software.


Related, here's a [potentially incomplete] list of functions that can be protected with FORTIFY_SOURCE:

  • memcpy
  • mempcpy
  • memmove
  • memset
  • stpcpy
  • strcpy
  • strncpy
  • strcat
  • strncat
  • sprintf
  • snprintf
  • vsprintf
  • vsnprintf
  • gets

See Difference between gcc -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2.



来源:https://stackoverflow.com/questions/12201625/disable-using-sprintf-chk

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!