Disable using __sprintf_chk()
I observe that a C++ program uses sprintf, where this sprintf implicitly invokes __sprintf_chk(). This __sprintf_chk() seems to check for buffer overflow by examining stack frames.

For my research purpose, I wonder if it is possible to disable using __sprintf_chk()?

Hedva answered 30/8, 2012 at 16:41
Can you write your own __sprintf_chk() so that the linker doesn't pull the one from the library? - Pentalpha

Try to replace all calls to sprintf in your program from this:

 sprintf(params...);

into

 (sprintf)(params...);

This will disable any preprocessor-based sprintf-changing (only if sprintf was changed using a function-like macro, as in the case of __sprintf_chk).

For gcc there are the options -fno-stack-protector -fno-mudflap. Maybe also -D_FORTIFY_SOURCE=0 (for any glibc).

For Ubuntu and Debian there are pages with lists of security features: http://wiki.debian.org/Hardening and https://wiki.ubuntu.com/Security/Features. Some of the compiler flags used are listed here: https://wiki.ubuntu.com/ToolChain/CompilerFlags

And there is a paper about SSP (stack-protector) and Fortify_source (glibc): http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt

PS: the same for __fgets_chk __gets_chk __printf_chk __fprintf_chk __vprintf_chk __vfprintf_chk __vsprintf_chk __wmemcpy_chk __wmemmove_chk __wmempcpy_chk __wmemset_chk __wcscpy_chk __wcpcpy_chk __wcsncpy_chk __wcpncpy_chk __wcscat_chk __wcsncat_chk __swprintf_chk __vswprintf_chk __fwprintf_chk __wprintf_chk __vfwprintf_chk __vwprintf_chk __fgetws_chk __wcrtomb_chk __mbsrtowcs_chk __wcsrtombs_chk __mbsnrtowcs_chk __wcsnrtombs_chk __memcpy_chk __memmove_chk __mempcpy_chk __memset_chk __strcpy_chk __strncpy_chk __stpncpy_chk __strcat_chk and some others

Cramp answered 30/8, 2012 at 18:38
That's generally true of almost any standard C library function, that it can be implemented as a preprocessor macro. Using parens forces your code to use the actual function instead of the macro. - Lakitalaks
@DavidRTribble, this parens trick has never worked for me with -O3. In this case the only thing that worked was -D_FORTIFY_SOURCE=0 or -U_FORTIFY_SOURCE. - Cucumber
Compile with -Wl,--wrap=sprintf and link with --wrap=sprintf. You will need a separate code module for __wrap_sprintf. Then you can use the accepted answer without changing any code. I personally don't like turning off warnings for lots of code. See also the answer below. Perhaps there is a way you can change your build system so that -D_FORTIFY_SOURCE=0 is only given for certain code modules. - Underarm

This __sprintf_chk() seems to check buffer overflow by examining stack frames. ... For my research purpose, I wonder if it is possible to disable using __sprintf_chk()?

I believe that's from FORTIFY_SOURCE. There are quite a few functions guarded like that. I believe the following will work for you:

CFLAGS += -U_FORTIFY_SOURCE

Alternately, you might be able to:

CFLAGS += -D_FORTIFY_SOURCE=0

Related: if I encounter software in the field that disables FORTIFY_SOURCE, then I file a security defect against it. It's OK to disable it for Debug and Testing, but it's not appropriate for production software.


Related, here's a [potentially incomplete] list of functions that can be protected with FORTIFY_SOURCE:

  • memcpy
  • mempcpy
  • memmove
  • memset
  • stpcpy
  • strcpy
  • strncpy
  • strcat
  • strncat
  • sprintf
  • snprintf
  • vsprintf
  • vsnprintf
  • gets

See Difference between gcc -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2.

Suggest answered 12/9, 2014 at 9:23
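A build-time check that follows from the two answers and the --wrap comment above, added here as an example and not code from the question or from either answer: given the undefined-symbol list of a linked binary (`nm -D --undefined-only`), it reports which of the fortifiable functions listed in the last answer are imported through their __NAME_chk wrapper and which are imported plain, so a production build that quietly lost FORTIFY_SOURCE in one module (for example through -D_FORTIFY_SOURCE=0 or the (sprintf)(...) form) can be flagged. The function list and the __NAME_chk naming come from the page; GNU binutils nm output format is assumed.

```shell
# Audit a linked binary for calls that bypass FORTIFY_SOURCE.
# Added example; assumes GNU binutils nm and glibc's __NAME_chk naming.

# Functions glibc can route through a __NAME_chk wrapper (list from the answer above).
FORTIFIABLE="memcpy mempcpy memmove memset stpcpy strcpy strncpy strcat strncat sprintf snprintf vsprintf vsnprintf gets"

# Reads `nm -D --undefined-only BINARY` output on stdin. For every fortifiable
# function it prints "NAME fortified" when the __NAME_chk wrapper is imported and
# "NAME plain" when the unwrapped function is imported; a binary can show both
# when only some of its modules were built without FORTIFY_SOURCE.
classify_imports() {
    awk -v list="$FORTIFIABLE" '
        BEGIN { n = split(list, f, " "); for (i = 1; i <= n; i++) want[f[i]] = 1 }
        $1 == "U" {
            name = $2
            sub(/@.*/, "", name)                  # strip the @GLIBC_x.y version tag
            if (name in want) {
                seen[name " plain"] = 1
            } else if (name ~ /^__[a-z]+_chk$/) { # __sprintf_chk -> sprintf
                base = substr(name, 3, length(name) - 6)
                if (base in want) seen[base " fortified"] = 1
            }
        }
        END { for (k in seen) print k }
    ' | sort
}

# Returns 0 when no fortifiable function is imported plain, 1 when at least one
# is (a finding for a production build, per the answer above), and 2 when nm
# cannot read the file. A static binary has no dynamic imports and so reports
# nothing, which this check cannot tell apart from "fully fortified".
audit_binary() {
    out=$(nm -D --undefined-only "$1" 2>/dev/null) || return 2
    if printf '%s\n' "$out" | classify_imports | grep -q ' plain$'; then
        return 1
    fi
    return 0
}
```

Run `audit_binary ./your-program; echo $?` on a release build; an exit status of 1 means some module links the plain function and its call sites are no longer bounds-checked.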
