Call for testing: OpenSSH 8.1
Joseph S. Testa II
jtesta at positronsecurity.com
Tue Oct 8 03:08:27 AEDT 2019
While compiling the master branch on
https://github.com/openssh/openssh-portable just now on the latest
version of Kali Linux, I got the following warnings:
fmt_scaled.c: In function ‘fmt_scaled’:
fmt_scaled.c:272:52: warning: ‘%1lld’ directive output may be truncated
writing between 1 and 17 bytes into a region of size between 0 and 5
[-Wformat-truncation=]
272 | (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
| ^~~~~
fmt_scaled.c:272:46: note: directive argument in the range
[-9007199254740991, 9]
272 | (void)snprintf(result, FMT_SCALED_STRSIZE, "%lld.%1lld%c",
| ^~~~~~~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from ../openbsd-compat/getrrsetbyname.h:59,
from ../openbsd-compat/openbsd-compat.h:44,
from ../includes.h:174,
from fmt_scaled.c:41:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output between 5 and 40 bytes into a
destination of size 7
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ar: creating libopenbsd-compat.a
sshkey.c: In function ‘sshkey_format_cert_validity’:
sshkey.c:2994:42: warning: ‘%s’ directive output may be truncated
writing up to 31 bytes into a region of size between 24 and 55
[-Wformat-truncation=]
2994 | snprintf(ret, sizeof(ret), "from %s to %s", from, to);
| ^~ ~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from sshkey.c:28:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output between 10 and 72 bytes into a
destination of size 64
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hostfile.c: In function ‘host_hash’:
hostfile.c:150:44: warning: ‘%s’ directive output may be truncated
writing up to 511 bytes into a region of size between 509 and 1020
[-Wformat-truncation=]
150 | snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC,
uu_salt,
| ^~
151 | HASH_DELIM, uu_result);
| ~~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from hostfile.c:39:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output between 5 and 1027 bytes into a
destination of size 1024
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ar: creating libssh.a
sshconnect.c: In function ‘check_host_key.constprop’:
sshconnect.c:895:8: warning: ‘%s’ directive output may be truncated
writing up to 1023 bytes into a region of size between 773 and 973
[-Wformat-truncation=]
895 | "The authenticity of host '%.200s (%s)' can't be "
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
......
900 | host, ip, msg1, type, fp,
| ~~~~
sshconnect.c:896:20: note: format string is defined here
896 | "established%s\n"
| ^~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from sshconnect.c:16:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output 144 or more bytes (assuming 2391) into
a destination of size 1024
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssh-keygen.c: In function ‘do_convert_to’:
ssh-keygen.c:346:34: warning: ‘%s’ directive output may be truncated
writing up to 1024 bytes into a region of size 39 [-Wformat-truncation=]
346 | "%u-bit %s, converted by %s@%s from OpenSSH",
| ^~
347 | sshkey_size(k), sshkey_type(k),
348 | pw->pw_name, hostname);
| ~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from ssh-keygen.c:15:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output 36 or more bytes (assuming 1060) into
a destination of size 61
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssh-keygen.c: In function ‘main’:
ssh-keygen.c:3280:41: warning: ‘%s’ directive output may be truncated
writing up to 1024 bytes into a region of size 1023 [-Wformat-truncation=]
3280 | snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
hostname);
| ^~ ~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from ssh-keygen.c:15:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output 2 or more bytes (assuming 1026) into a
destination of size 1024
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssh-keygen.c:1079:41: warning: ‘%s’ directive output may be truncated
writing up to 1024 bytes into a region of size 1023 [-Wformat-truncation=]
1079 | snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
| ^~
1080 | hostname);
| ~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from ssh-keygen.c:15:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output 2 or more bytes (assuming 1026) into a
destination of size 1024
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ssh-agent.c: In function ‘main’:
ssh-agent.c:1232:48: warning: ‘/agent.’ directive output may be
truncated writing 7 bytes into a region of size between 1 and 4096
[-Wformat-truncation=]
1232 | snprintf(socket_name, sizeof socket_name, "%s/agent.%ld",
socket_dir,
| ^~~~~~~
ssh-agent.c:1232:45: note: directive argument in the range [-2147483648,
2147483647]
1232 | snprintf(socket_name, sizeof socket_name, "%s/agent.%ld",
socket_dir,
| ^~~~~~~~~~~~~~
In file included from /usr/include/stdio.h:867,
from /usr/include/resolv.h:58,
from openbsd-compat/getrrsetbyname.h:59,
from openbsd-compat/openbsd-compat.h:44,
from includes.h:174,
from ssh-agent.c:37:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
‘__builtin___snprintf_chk’ output between 9 and 4114 bytes into a
destination of size 4096
67 | return __builtin___snprintf_chk (__s, __n,
__USE_FORTIFY_LEVEL - 1,
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68 | __bos (__s), __fmt, __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here's the version of gcc in use:
# gcc --version
gcc (Debian 9.2.1-8) 9.2.1 20190909
FYI, all tests pass on Kali Linux.
- Joe
--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
More information about the openssh-unix-dev
mailing list