Sergei Trofimovich 0ddee9b7d2 openrc-init: fix buffer overflow in init.ctl
How to reproduce 1-byte overflow:

```
$ FEATURES=-test CFLAGS="-fsanitize=address -O0 -ggdb3" emerge -1 openrc

=================================================================
==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff0efd8710
    at pc 0x000000402076 bp 0x7fff0efd7d50 sp 0x7fff0efd7d40
WRITE of size 1 at 0x7fff0efd8710 thread T0
    #0 0x402075  (/sbin/openrc-init+0x402075)
    #1 0x3cf6e2070f in __libc_start_main (/lib64/libc.so.6+0x3cf6e2070f)
    #2 0x4013b8  (/sbin/openrc-init+0x4013b8)

Address 0x7fff0efd8710 is located in stack of thread T0 at offset 2432 in frame
    #0 0x401cfb  (/sbin/openrc-init+0x401cfb)

  This frame has 3 object(s):
    [32, 160) 'signals'
    [192, 344) 'sa'
    [384, 2432) 'buf' <== Memory access at offset 2432 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
```

The problem here is in the code handling reads from 'init.ctl':

```
int main(int argc, char **argv) {
...
    char buf[2048];
    for (;;) {
        /* This will block until a command is sent down the pipe... */
        fifo = fopen(RC_INIT_FIFO, "r");
        count = fread(buf, 1, 2048, fifo);
        buf[count] = 0;
        ...
    }
```

`buf[count] = 0;` writes outside the buffer when `fread()` returns a non-truncated read.

This fixes #138.
2017-05-30 16:21:23 -05:00
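
The off-by-one described in the commit message, as an added example that is not OpenRC's code: it runs the same `buf[count] = 0;` statement against a buffer with one spare guard byte behind it, so the stray write can be observed without undefined behaviour. The helper names, the guard value, the temporary file standing in for `init.ctl`, and the `BUF_SIZE - 1` read limit (one common remedy, not necessarily the change this commit made) are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 2048   /* size of buf in the commit message */
#define CANARY   0x5a   /* constructed guard value */

/* Write n constructed bytes to a temp file standing in for init.ctl. */
static FILE *make_input(size_t n)
{
    FILE *f = tmpfile();
    if (!f)
        return NULL;
    for (size_t i = 0; i < n; i++)
        fputc('A', f);
    rewind(f);
    return f;
}

/* Read up to max_read bytes, terminate at mem[count], and report whether
 * the byte just past the BUF_SIZE-byte buffer was overwritten.
 * Returns 1 = guard clobbered, 0 = intact, -1 = setup error. */
int guard_clobbered(size_t input_len, size_t max_read)
{
    /* One spare byte after the buffer makes the stray write observable. */
    unsigned char mem[BUF_SIZE + 1];
    size_t count;
    FILE *f;

    if (max_read > BUF_SIZE || !(f = make_input(input_len)))
        return -1;
    memset(mem, CANARY, sizeof(mem));
    count = fread(mem, 1, max_read, f);
    mem[count] = 0;     /* same statement as in the commit message */
    fclose(f);
    return mem[BUF_SIZE] != CANARY;
}

int main(void)
{
    printf("short read, limit 2048: %d\n", guard_clobbered(100, BUF_SIZE));
    printf("full read,  limit 2048: %d\n", guard_clobbered(BUF_SIZE, BUF_SIZE));
    printf("full read,  limit 2047: %d\n", guard_clobbered(BUF_SIZE, BUF_SIZE - 1));
    return 0;
}
```

Only an input of at least `BUF_SIZE` bytes reaches the guard byte, which is why short commands never trip the bug and AddressSanitizer reports a write of size 1.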

OpenRC README

OpenRC is a dependency-based init system that works with the system-provided init program, normally /sbin/init. Currently, it does not have an init program of its own.

Installation

OpenRC requires GNU make.

Once you have GNU Make installed, the default OpenRC installation can be executed using this command:

make install

Configuration

You may wish to configure the installation by passing one or more of the arguments below to the make command:

PROGLDFLAGS=-static
LIBNAME=lib64
DESTDIR=/tmp/openrc-image
MKNET=no
MKPAM=pam
MKPREFIX=yes
MKPKGCONFIG=no
MKSELINUX=yes
MKSTATICLIBS=no
MKTERMCAP=ncurses
MKTERMCAP=termcap
PKG_PREFIX=/usr/pkg
LOCAL_PREFIX=/usr/local
PREFIX=/usr/local
BRANDING=\"Gentoo/$(uname -s)\"

Notes

We don't support building a static OpenRC with PAM.

You may need to use PROGLDFLAGS=-Wl,-Bstatic on glibc instead of just -static.

If you are building OpenRC for a Gentoo Prefix installation, add MKPREFIX=yes.

PKG_PREFIX should be set to where packages install to by default.

LOCAL_PREFIX should be set to where user maintained packages are. Only set LOCAL_PREFIX if different from PKG_PREFIX.

PREFIX should be set when OpenRC is not installed to /.

If any of the following files exist then we do not overwrite them:

/etc/devd.conf
/etc/rc
/etc/rc.shutdown
/etc/conf.d/*

rc and rc.shutdown are the hooks from the BSD init into OpenRC.

devd.conf is modified from FreeBSD to call /etc/rc.devd which is a generic hook into OpenRC.

inittab is the same, but for SysVInit as used by most Linux distributions. This can be found in the support folder.

Obviously, if you're installing this onto a system that does not use OpenRC by default, you may wish to back up the files listed above, remove them, and then install so that the OS hooks into OpenRC.

Reporting Bugs

If you are using Gentoo Linux, bugs can be filed on their Bugzilla under the gentoo hosted projects product and the openrc component [1]. Otherwise, you can report issues on our GitHub [2].

Better yet, if you can contribute code, please feel free to submit pull requests [3].

IRC Channel

We have an official IRC channel, #openrc on freenode. Feel free to join us there.

[1] https://bugs.gentoo.org/
[2] https://github.com/openrc/openrc/issues
[3] https://github.com/openrc/openrc/pulls
