[FS#3491] umDNS fails to compile with GCC10 possible CVE

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Sat Dec 5 15:09:20 EST 2020 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - ByteEnable (ByteEnable) 

Attached to Project - OpenWrt/LEDE Project
Summary - umDNS fails to compile with GCC10 possible CVE
Task Type - Bug Report
Category - Packages
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - A warning (treated as error)  is emitted from GCC10 when compiling umDNS (object at 'b' is out of the bounds).  This could also turn into a CVE.

[ 40%] Building C object CMakeFiles/umdns-lib.dir/service.c.o
/home/ByteEnable/temp/openwrt-master/staging_dir/toolchain-arm_cortex-a9+vfpv3-d16_gcc-10.2.0_musl_eabi/bin/arm-openwrt-linux-muslgnueabi-gcc   -Os -pipe  -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -fmacro-prefix-map=/home/ByteEnable/temp/openwrt-master/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/umdns-2020-10-26-59e4fc98=umdns-2020-10-26-59e4fc98 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -I/home/ByteEnable/temp/openwrt-master/staging_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/usr/include -DNDEBUG   -Os -ggdb -Wall -Werror --std=gnu99 -Wmissing-declarations -o CMakeFiles/umdns-lib.dir/service.c.o -c /home/ByteEnable/temp/openwrt-master/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/umdns-2020-10-26-59e4fc98/service.c
/home/ByteEnable/temp/openwrt-master/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/umdns-2020-10-26-59e4fc98/service.c: In function 'service_load_blob':
/home/ByteEnable/temp/openwrt-master/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/umdns-2020-10-26-59e4fc98/service.c:242:10: error: 'strncpy' offset 6 from the object at 'b' is out of the bounds of referenced subobject 'name' with type 'uint8_t[]' {aka 'unsigned char[]'} at offset 6 [-Werror=array-bounds]
  242 |  s->id = strncpy(d_id, blobmsg_name(b), n);
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/ByteEnable/temp/openwrt-master/staging_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/usr/include/libubus.h:23,
                 from /home/ByteEnable/temp/openwrt-master/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/umdns-2020-10-26-59e4fc98/service.c:23:
/home/ByteEnable/temp/openwrt-master/staging_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/usr/include/libubox/blobmsg.h:43:10: note: subobject 'name' declared here
   43 |  uint8_t name[];
      |          ^~~~
cc1: all warnings being treated as errors
make[6]: *** [CMakeFiles/umdns-lib.dir/build.make:121: CMakeFiles/umdns-lib.dir/service.c.o] Error 1
make[6]: Leaving directory '/home/ByteEnable/temp/openwrt-master/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/umdns-2020-10-26-59e4fc98'
make[5]: *** [CMakeFiles/Makefile2:124: CMakeFiles/umdns-lib.dir/all] Error 2
make[5]: Leaving directory '/home/ByteEnable/temp/openwrt-master/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/umdns-2020-10-26-59e4fc98'
make[4]: *** [Makefile:149: all] Error 2
make[4]: Leaving directory '/home/ByteEnable/temp/openwrt-master/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/umdns-2020-10-26-59e4fc98'
make[3]: *** [Makefile:50: /home/ByteEnable/temp/openwrt-master/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/umdns-2020-10-26-59e4fc98/.built] Error 2
make[3]: Leaving directory '/home/ByteEnable/temp/openwrt-master/package/network/services/umdns'
time: package/network/services/umdns/compile#0.64#0.16#0.00
    ERROR: package/network/services/umdns failed to build.
make[2]: *** [package/Makefile:114: package/network/services/umdns/compile] Error 1
make[2]: Leaving directory '/home/ByteEnable/temp/openwrt-master'
make[1]: *** [package/Makefile:108: /home/ByteEnable/temp/openwrt-master/staging_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/ByteEnable/temp/openwrt-master'
make: *** [/home/ByteEnable/temp/openwrt-master/include/toplevel.mk:242: world] Error 2


More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3491

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

More information about the openwrt-bugs mailing list