From: "Robert C. Seacord"
To: Bruno Haible
CC: "CERT(R) Coordination Center", eggert@twinsun.com, drepper@redhat.com, drepper@gnu.org, glibc-sc@gnu.org, gcc@gcc.gnu.org
Date: Fri, 02 Apr 2004 14:59:00 -0000
Subject: Re: VU#540517
Message-ID: <406D7F6B.8030000@cert.org>
References: <200404012003.i31K3lU1019505@starsky.blue.cert.org> <200404021352.03482.bruno@clisp.org>
In-Reply-To: <200404021352.03482.bruno@clisp.org>
List-Archive: gcc@gcc.gnu.org, 2004-04/msg00108

Bruno,

Thanks for the info.
I'm sort of a newbie when it comes to gcc maintenance, so forgive me if I'm asking stupid questions. I've downloaded the latest (3.3.3) release and noticed that libgcc2 has not been patched. I also went to the CVS log for gcc/gcc/libgcc2.c and I can see that the latest revision 1.168.6.1 of this file has been patched. However, you claim that this is not the version of __mulvsi3 etc. that ends up in /lib/libgcc_s.so.1? If not, in which source file do these versions of the functions originate? I performed a search of the entire 3.3.3 distribution and only found the routines here....

The specific version I had been testing on, in which I was able to cause undetected integer overflows, was gcc (GCC) 3.2.2 20030222 (Red Hat Linux 3.2.2-5). I'll try to repeat these tests on a newer compiler version ASAP.

Believe it or not, we would still consider this a security vulnerability even if it has already been patched, since previous versions of the software are still in use, and applications which have been built with previous gcc versions may also be vulnerable. However, I would like to accurately document which versions are vulnerable. My best thinking right now is that 3.3.3 and previous versions are vulnerable to integer overflow. Could you please confirm this?

Once I have had a chance to evaluate your latest patches I will comment on http://gcc.gnu.org/bugzilla/show_bug.cgi?id=6578 unless you prefer to keep this discussion private for security reasons.

rCs

-- 
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-5758
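The message above is about -ftrapv multiplications that should abort in libgcc's __mulvsi3 but did not on the tested gcc 3.2.2. What follows is an added example, not code from gcc, libgcc2.c or anyone in this thread: a reference oracle for the overflow-detecting signed 32-bit multiply that __mulvsi3 is supposed to provide, written twice (once with a 64-bit intermediate, once with divisions only, as a libgcc-style routine must manage on a target with no wider type), plus a constructed vector set and a deliberately weak sign-of-result check. The weak check is my own construction to show how a product can wrap to a value of the "expected" sign and so go undetected; it is not a transcription of any gcc version's code. Function and vector names are mine. Built with `-ftrapv` and run with any argument, `main` multiplies the overflowing vectors with plain `*` so the toolchain's own __mulvsi3 gets exercised; a correct one aborts at the first of them.

```c
/* Added example (not gcc or libgcc code): oracle for an overflow-trapping
 * signed 32-bit multiply, a deliberately weak sign-only check, and
 * constructed test vectors. Assumes two's-complement int32_t (C99). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { int32_t a, b; int overflows; } vec_t;

/* Constructed vectors; `overflows` is the ground truth for each pair. */
static const vec_t vectors[] = {
    {0, INT32_MIN, 0},
    {INT32_MAX, 1, 0},
    {INT32_MIN, 1, 0},
    {-1, INT32_MAX, 0},
    {46340, 46340, 0},       /* 2147395600, largest square that fits       */
    {INT32_MIN, -1, 1},      /* 2^31, one past INT32_MAX, wraps to INT32_MIN */
    {-1, INT32_MIN, 1},
    {65536, 65536, 1},       /* 2^32, wraps to exactly 0                    */
    {-65536, -65536, 1},     /* 2^32 again, wraps to 0                      */
    {INT32_MIN, 2, 1},       /* -2^32, wraps to 0                           */
    {46341, 46341, 1},       /* wraps negative                              */
    {-46341, 46341, 1},      /* wraps positive                              */
    {INT32_MAX, 2, 1},       /* wraps to -2                                 */
    {65536, 32768, 1},       /* 2^31, wraps to INT32_MIN                    */
};
#define NVEC (sizeof vectors / sizeof vectors[0])

/* Oracle 1: exact 64-bit product, then a range test. Returns 1 on overflow;
 * *out is written only when the product fits. */
int checked_mul_wide(int32_t a, int32_t b, int32_t *out)
{
    int64_t p = (int64_t)a * (int64_t)b;
    if (p > INT32_MAX || p < INT32_MIN) return 1;
    *out = (int32_t)p;
    return 0;
}

/* Oracle 2: no wider type. Each case is decided by one division that cannot
 * itself overflow (INT32_MIN / -1 is never formed). Truncation toward zero
 * makes the strict comparisons exact for integer operands. */
int checked_mul_narrow(int32_t a, int32_t b, int32_t *out)
{
    if (a == 0 || b == 0) { *out = 0; return 0; }
    if (a > 0) {
        if (b > 0) { if (a > INT32_MAX / b) return 1; }   /* product > MAX  */
        else       { if (b < INT32_MIN / a) return 1; }   /* product < MIN  */
    } else {
        if (b > 0) { if (a < INT32_MIN / b) return 1; }   /* product < MIN  */
        else       { if (a < INT32_MAX / b) return 1; }   /* product > MAX  */
    }
    *out = a * b;   /* proven to fit, so this is not undefined behaviour */
    return 0;
}

/* Two's-complement wrapped product computed via unsigned arithmetic, so the
 * overflowing cases never perform a signed (undefined) multiply. */
static int32_t wrap_mul(int32_t a, int32_t b)
{
    uint32_t u = (uint32_t)a * (uint32_t)b;
    if (u > (uint32_t)INT32_MAX)
        return (int32_t)(u - (uint32_t)INT32_MAX - 1u) + INT32_MIN;
    return (int32_t)u;
}

/* Weak check (my construction, for illustration only): flag overflow only
 * when the wrapped product has the "wrong" sign for its operands. */
int sign_only_detects(int32_t a, int32_t b)
{
    int32_t w = wrap_mul(a, b);
    return ((a >= 0) == (b >= 0)) ? (w < 0) : (w > 0);
}

/* Number of vectors on which the two oracles disagree with the ground truth
 * or with each other. A correct implementation yields 0. */
int count_oracle_errors(void)
{
    int errors = 0;
    for (size_t i = 0; i < NVEC; i++) {
        int32_t w = 0, n = 0;
        int ow = checked_mul_wide(vectors[i].a, vectors[i].b, &w);
        int on = checked_mul_narrow(vectors[i].a, vectors[i].b, &n);
        if (ow != vectors[i].overflows || on != vectors[i].overflows) errors++;
        else if (!ow && (w != n || w != wrap_mul(vectors[i].a, vectors[i].b))) errors++;
    }
    return errors;
}

/* Overflowing vectors the sign-only check lets through undetected. */
int count_sign_only_misses(void)
{
    int misses = 0;
    for (size_t i = 0; i < NVEC; i++)
        if (vectors[i].overflows && !sign_only_detects(vectors[i].a, vectors[i].b))
            misses++;
    return misses;
}

int main(int argc, char **argv)
{
    printf("oracle errors: %d, sign-only misses: %d of %zu vectors\n",
           count_oracle_errors(), count_sign_only_misses(), NVEC);
    if (argc > 1) {
        /* Probe the toolchain: build with -ftrapv and a correct __mulvsi3
         * aborts on the first overflowing product below. Volatile operands
         * keep the compiler from folding the multiply away. */
        for (size_t i = 0; i < NVEC; i++) {
            if (!vectors[i].overflows) continue;
            volatile int32_t a = vectors[i].a, b = vectors[i].b;
            volatile int32_t r = a * b;
            printf("NOT trapped: %d * %d wrapped to %d\n", (int)a, (int)b, (int)r);
        }
    }
    return 0;
}
```

The vector set is small on purpose: it contains the three shapes of miss that a sign-only test cannot see (a product that wraps to 0, to INT32_MIN from two negative operands, and to a negative value from operands of equal sign are all covered, and three of the nine overflowing pairs slip past it). Anyone documenting which compiler versions are affected can build this with each candidate toolchain and `-ftrapv`, run it with an argument, and record whether it aborts.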