Disable using __sprintf_chk()

I observe that a C++ program uses sprintf, where this sprintf implicitly invokes __sprintf_chk(). This __sprintf_chk() seems to check buffer overflow by examining stack frames.

For my research purpose, I wonder if it is possible to disable using __sprintf_chk()?

flyingbin asked Aug 30 '12 16:08


2 Answers

Try to replace all calls to sprintf in your program from this:

 sprintf(params...);

into

 (sprintf)(params...);

This will disable any preprocessor-based sprintf changing (* only if sprintf was changed using a function-like macro, as in the case of __sprintf_chk).

For gcc there are options -fno-stack-protector -fno-mudflap. Maybe also -D_FORTIFY_SOURCE=0 (for any glibc).

For Ubuntu and Debian there are pages with a list of security features: http://wiki.debian.org/Hardening and https://wiki.ubuntu.com/Security/Features. Some of the compiler flags used are listed here: https://wiki.ubuntu.com/ToolChain/CompilerFlags

And there is a paper about SSP (stack-protector) and Fortify_source (glibc): http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt

PS: the same for __fgets_chk __gets_chk __printf_chk __fprintf_chk __vprintf_chk __vfprintf_chk __vsprintf_chk __wmemcpy_chk __wmemmove_chk __wmempcpy_chk __wmemset_chk __wcscpy_chk __wcpcpy_chk __wcsncpy_chk __wcpncpy_chk __wcscat_chk __wcsncat_chk __swprintf_chk __vswprintf_chk __fwprintf_chk __wprintf_chk __vfwprintf_chk __vwprintf_chk __fgetws_chk __wcrtomb_chk __mbsrtowcs_chk __wcsrtombs_chk __mbsnrtowcs_chk __wcsnrtombs_chk __memcpy_chk __memmove_chk __mempcpy_chk __memset_chk __strcpy_chk __strncpy_chk __stpncpy_chk __strcat_chk and some others.

osgx answered Oct 21 '22 02:10


This __sprintf_chk() seems to check buffer overflow by examining stack frames. ... For my research purpose, I wonder if it is possible to disable using __sprintf_chk()?

I believe that's from FORTIFY_SOURCE. There are quite a few functions guarded like that. I believe the following will work for you:

CFLAGS += -U_FORTIFY_SOURCE

Alternately, you might be able to:

CFLAGS += -D_FORTIFY_SOURCE=0

Related: if I encounter software in the field that disables FORTIFY_SOURCE, then I file a security defect against it. It's OK to disable it for Debug and Testing, but it's not appropriate for production software.


Related, here's a [potentially incomplete] list of functions that can be protected with FORTIFY_SOURCE:

  • memcpy
  • mempcpy
  • memmove
  • memset
  • stpcpy
  • strcpy
  • strncpy
  • strcat
  • strncat
  • sprintf
  • snprintf
  • vsprintf
  • vsnprintf
  • gets

See Difference between gcc -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2.

jww answered Oct 21 '22 04:10
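As an added example that is not part of the question, either answer, or glibc itself: a miniature model of how _FORTIFY_SOURCE turns sprintf into __sprintf_chk, and why both workarounds given above work, the (sprintf)(...) parenthesisation from the first answer and the -D_FORTIFY_SOURCE=0 / -U_FORTIFY_SOURCE build flags from the second. Every demo_* name and the DEMO_FORTIFY switch are invented here; __builtin_object_size is the real GCC/Clang builtin that glibc's fortified headers use to learn the destination size at compile time. One deliberate difference: glibc's checked variant aborts with "*** buffer overflow detected ***", while this model returns -1 and leaves the buffer untouched so the outcome can be observed.

```c
/* Added example: a miniature model of glibc's _FORTIFY_SOURCE treatment of
   sprintf. Everything named demo_* and the DEMO_FORTIFY switch are invented
   for this illustration; __builtin_object_size is the real GCC/Clang builtin
   that glibc's fortified headers rely on. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* 1. The plain function: formats into dst and trusts the caller, exactly
      like the C library's sprintf. */
int demo_sprintf(char *dst, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(dst, fmt, ap);
    va_end(ap);
    return n;
}

/* 2. The checked variant, modelled on __sprintf_chk. dst_size is what the
      compiler determined about the destination at the call site, or
      (size_t)-1 when it could not tell (then no check is possible).
      glibc aborts with "*** buffer overflow detected ***"; this demo
      instead returns -1 and leaves dst untouched so the result is testable. */
int demo_sprintf_chk(char *dst, size_t dst_size, const char *fmt, ...)
{
    va_list ap, measure;
    va_start(ap, fmt);
    va_copy(measure, ap);
    /* vsnprintf with a zero-length bound only measures: it writes nothing
       and returns the length the full output would have. */
    int needed = vsnprintf(NULL, 0, fmt, measure);
    va_end(measure);
    if (needed < 0 || (dst_size != (size_t)-1 && (size_t)needed + 1 > dst_size)) {
        va_end(ap);
        return -1;                      /* would overflow dst: refuse */
    }
    int n = vsprintf(dst, fmt, ap);     /* fits (or size unknown): format */
    va_end(ap);
    return n;
}

/* 3. The fortification switch. Building with -DDEMO_FORTIFY=0 (the analogue
      of -D_FORTIFY_SOURCE=0 or -U_FORTIFY_SOURCE) leaves demo_sprintf as the
      plain function. Otherwise a function-like macro rewrites every
      demo_sprintf(...) call into the checked variant, with the compiler
      supplying the destination size (mode 1 = size of the enclosing object). */
#ifndef DEMO_FORTIFY
#define DEMO_FORTIFY 1
#endif
#if DEMO_FORTIFY > 0
#define demo_sprintf(dst, ...) \
    demo_sprintf_chk((dst), __builtin_object_size((dst), 1), __VA_ARGS__)
#endif

/* Scenario helpers; each returns 1 when the behaviour matches the model. */

/* An 8-byte buffer holds 7 characters plus the terminator; one character
   more is refused and the previous contents survive. */
int demo_boundary(void)
{
    char b[8];
    if (demo_sprintf_chk(b, sizeof b, "%s", "0123456") != 7) return 0;
    if (demo_sprintf_chk(b, sizeof b, "%s", "01234567") != -1) return 0;
    return strcmp(b, "0123456") == 0;
}

/* Size unknown at the call site ((size_t)-1): the checked variant degrades
   to an ordinary, unchecked write. This is why fortification cannot protect
   a destination that is only reachable through an opaque pointer. */
int demo_unknown_size(void)
{
    char b[8];
    return demo_sprintf_chk(b, (size_t)-1, "%d", 42) == 2 && strcmp(b, "42") == 0;
}

/* The trick from the first answer: a function-like macro expands only when
   its name is immediately followed by '(', so (demo_sprintf)(...) reaches
   the plain function and bypasses the check entirely. */
int demo_parenthesised(void)
{
    char b[8];
    return (demo_sprintf)(b, "%s", "plain") == 5 && strcmp(b, "plain") == 0;
}

int main(void)
{
    char buf[8];
    int n = demo_sprintf(buf, "%s", "abc");   /* macro path when DEMO_FORTIFY > 0 */
    printf("demo_sprintf wrote %d bytes: \"%s\"\n", n, buf);
    printf("compiler-known size of buf: %zu ((size_t)-1 means unknown)\n",
           (size_t)__builtin_object_size(buf, 1));
    printf("boundary check:  %s\n", demo_boundary() ? "ok" : "FAIL");
    printf("unknown size:    %s\n", demo_unknown_size() ? "ok" : "FAIL");
    printf("parenthesised:   %s\n", demo_parenthesised() ? "ok" : "FAIL");
    return 0;
}
```

Build it once as is and once with -DDEMO_FORTIFY=0 to see the macro disappear, which is the same effect the -U_FORTIFY_SOURCE / -D_FORTIFY_SOURCE=0 flags have on glibc's headers. The demo_unknown_size case is the practical caveat behind both answers: the check only exists where the compiler can see the destination's size, so a fortified build is a safety net for the obvious cases, not a replacement for bounded writes such as snprintf.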