问题
I observe that a c++ program uses sprintf
, where this sprintf implicitly invokes __sprintf_chk()
.
This __sprintf_chk()
seems to check buffer overflow by examining stack frames.
For my research purpose, I wonder if it is possible to disable using __sprintf_chk()
?
回答1:
Try to replace all calls to sprintf in your program from this:
sprintf(params...);
into
(sprintf)(params...);
This will disable any preprocessor-based sprintf-changing (* only if sprintf was changed using function-like macro like in the case of __sprintf_chk
).
For gcc there are options -fno-stack-protector -fno-mudflap
. May be also -D_FORTIFY_SOURCE=0
(for any glibc)
For Ubuntu and debian there are pages with security features list: http://wiki.debian.org/Hardening and https://wiki.ubuntu.com/Security/Features Some used compiler flags are listed here https://wiki.ubuntu.com/ToolChain/CompilerFlags
And there is a paper about SSP (stack-protector) and Fortify_source (glibc): http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
PS: the same for __fgets_chk __gets_chk __printf_chk __fprintf_chk __vprintf_chk __vfprintf_chk __vsprintf_chk __wmemcpy_chk __wmemmove_chk __wmempcpy_chk __wmemset_chk __wcscpy_chk __wcpcpy_chk __wcsncpy_chk __wcpncpy_chk __wcscat_chk __wcsncat_chk __swprintf_chk __vswprintf_chk __fwprintf_chk __wprintf_chk __vfwprintf_chk __vwprintf_chk __fgetws_chk __wcrtomb_chk __mbsrtowcs_chk __wcsrtombs_chk __mbsnrtowcs_chk __wcsnrtombs_chk __memcpy_chk __memmove_chk __mempcpy_chk __memset_chk __strcpy_chk __strncpy_chk __stpncpy_chk __strcat_chk and some others
回答2:
This __sprintf_chk() seems to check buffer overflow by examining stack frames. ... For my research purpose, I wonder if it is possible to disable using __sprintf_chk()?
I believe that's from FORTIFY_SOURCE
. There's quite a few functions guarded like that. I believe the following will work for you:
CFLAGS += -U_FORTIFY_SOURCE
Alternately, you might be able to:
CFLAGS += -D_FORTIFY_SOURCE=0
Related: if I encounter software in the field that disables FORTIFY_SOURCE
, then I file a security defect against it. Its OK to disable ot for Debug and Testing, but its not appropriate for production software.
Related, here's a [potentially incomplete] list of functions that can be protected with FORTIFY_SOURCE
:
- memcpy
- mempcpy
- memmove
- memset
- stpcpy
- strcpy
- strncpy
- strcat
- strncat
- sprintf
- snprintf
- vsprintf
- vsnprintf
- gets
See Difference between gcc -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2.
来源:https://stackoverflow.com/questions/12201625/disable-using-sprintf-chk