
ndt-users - Re: Web100srv buffer overflow


Re: Web100srv buffer overflow


  • From: Tom Throckmorton <>
  • To: Clint Simmons <>
  • Cc:
  • Subject: Re: Web100srv buffer overflow
  • Date: Fri, 7 May 2010 23:47:03 -0400

On May 07 22:27, Tom Throckmorton wrote:
> On May 07 16:58, Clint Simmons wrote:
> > This is one I have never seen before...
> >
> >
> >
> > Kernel 2.6.32-web100
> >
> > ndt-3.6.2b
> >
> >
> >
> > >>
> >
> > ** Starting test 1 of 1 **
> >
> > Connecting to 'nms.myappro.com' [nms.myappro.com/172.23.240.4] to run test
> >
> > Connected to: nms.myappro.com-- Using IPv4 address
> >
> > Checking for Middleboxes . . . . . . . . . . . . . . . . . . Done.
> >
> > Checking for firewalls . . . . . . . . . . . . . . . . . . . Done.
> >
> > running 10s outbound test (client-to-server [C2S]) . . . . . 93.91Mb/s
> >
> > running 10s inbound test (server-to-client [S2C]) . . . . . . 91.84Mb/s
> >
> > Server unable to determine bottleneck link type.
> >
> > <<
> >
> >
> >
> >
> >
> > libweb100: warning: accessing depricated variable AckPktsIn
> >
> > libweb100: warning: accessing depricated variable AckPktsOut
> >
> > *** buffer overflow detected ***: /usr/local/sbin/web100srv terminated
> >
> > ======= Backtrace: =========
>
> Looks like you've compiled w/ stack protection enabled (-fstack-protector is
> being passed to your compiler, likely via CPPFLAGS) and it dutifully caught
> some misbehaving code. I believe this is the default compiler behavior on many
> distros now - see https://wiki.ubuntu.com/CompilerFlags for the specifics
> on Ubuntu.
>
> I don't recall that being an issue for earlier releases of NDT, but I haven't
> yet compiled 3.6.2b myself, and not on Ubuntu. I _have_ encountered something
> similar with web100_userland, but iirc, that problem was limited only to the
> gutil build, which shouldn't impact/hinder web100srv.
>
> You could try re-compiling w/ more permissive flags - I will try this version
> myself and see how it builds/runs.

3.6.2b builds and runs fine here - FWIW, here are the flags I'm using at
build time:

> CXXFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
> -fasynchronous-unwind-tables'

I wonder if the problem _is_ actually in libweb100? Could you try instead
rebuilding web100_userland with FORTIFY_SOURCE reduced or disabled?

-tt

> > /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb779ced8]
> >
> > /lib/tls/i686/cmov/libc.so.6[0xb779bf10]
> >
> > /lib/tls/i686/cmov/libc.so.6[0xb779b41e]
> >
> > /usr/local/sbin/web100srv[0x805d54c]
> >
> > /usr/local/sbin/web100srv[0x804d695]
> >
> > /usr/local/sbin/web100srv[0x80515cd]
> >
> > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb76d2b56]
> >
> > /usr/local/sbin/web100srv[0x804ab51]
> >
> > ======= Memory map: ========
> >
> > Thanks,
> >
> > Clint Simmons
> >
> >
> >
>
> --
> Tom Throckmorton
> MCNC - Advanced Services Development
> 3021 Cornwallis Road
> Research Triangle Park, NC 27709
> 919.248.1448
>
> "Connecting North Carolina's future today"

--
Tom Throckmorton
MCNC - Advanced Services Development
3021 Cornwallis Road
Research Triangle Park, NC 27709
919.248.1448

"Connecting North Carolina's future today"

| nuclear (NEW-klee-urr)
| it's not that complicated, really
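
Added example, not part of the original messages: a small Python triage of the abort report quoted in this thread. It reads the glibc banner to tell which hardening check fired and finds the first backtrace frame outside libc, which is where the checked call came from; `triage`, `is_libc` and the banner table are names chosen for this example.

```python
import os
import re

# glibc abort banners mapped to the hardening feature that prints them.
BANNERS = {
    "buffer overflow detected": "_FORTIFY_SOURCE (checked libc call)",
    "stack smashing detected": "-fstack-protector (stack canary)",
}
# Frame lines look like path(symbol+0xoff)[0xaddr] or path[0xaddr].
FRAME = re.compile(r"^(/[^\s(\[]+)(?:\(([^)]*)\))?\[(0x[0-9a-f]+)\]$")

# Banner and backtrace copied from the report quoted in this thread.
REPORT = """\
*** buffer overflow detected ***: /usr/local/sbin/web100srv terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb779ced8]
/lib/tls/i686/cmov/libc.so.6[0xb779bf10]
/lib/tls/i686/cmov/libc.so.6[0xb779b41e]
/usr/local/sbin/web100srv[0x805d54c]
/usr/local/sbin/web100srv[0x804d695]
/usr/local/sbin/web100srv[0x80515cd]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb76d2b56]
/usr/local/sbin/web100srv[0x804ab51]
======= Memory map: ========
"""

def is_libc(path):
    return os.path.basename(path).startswith(("libc.so", "libc-"))

def triage(report):
    """Return (mechanism, frames, first frame outside libc)."""
    mechanism, frames, in_bt = None, [], False
    for line in report.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail quote markers
        for banner, name in BANNERS.items():
            if line.startswith("*** " + banner):
                mechanism = name
        if line.startswith("======="):
            in_bt = "Backtrace" in line  # frames end at the memory map
            continue
        m = FRAME.match(line) if in_bt else None
        if m:
            frames.append((m.group(1), m.group(2), int(m.group(3), 16)))
    caller = next((f for f in frames if not is_libc(f[0])), None)
    return mechanism, frames, caller

if __name__ == "__main__":
    mech, frames, caller = triage(REPORT)
    print("raised by: %s; first non-libc frame: %s @ %#x"
          % (mech, caller[0], caller[2]))
```

If the binary was built with `-g`, `addr2line -e /usr/local/sbin/web100srv 0x805d54c` maps that frame to a source line.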


