dropbear icon indicating copy to clipboard operation
dropbear copied to clipboard

Published 20 hours ago verified publisher icon mkj

AIX 7.1: compat.h:44:7: error: conflicting types for 'basename

Open arozehnal opened this issue 2 years ago • 6 comments

The compilation ends with an error:

a - bn_s_mp_sqr.o a - bn_s_mp_sqr_fast.o a - bn_s_mp_sub.o a - bn_s_mp_toom_mul.o a - bn_s_mp_toom_sqr.o ranlib libtommath.a make[1]: Leaving directory '/work/RO/dropbear-2020.81/libtommath' gcc -c -I./libtomcrypt/src/headers/ -DLOCALOPTIONS_H_EXISTS -I. -I. -Os -W -Wall -Wno-pointer-sign -fno-strict-overflow -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -DDROPBEAR_SERVER -DDROPBEAR_CLIENT dbutil.c -o dbutil.o In file included from includes.h:141, from dbutil.c:64: compat.h:44:7: error: conflicting types for 'basename' char basename(const char path); ^~~~~~~~ In file included from includes.h:122, from dbutil.c:64: /usr/include/libgen.h:60:14: note: previous declaration of 'basename' was here extern char *basename(char *); ^~~~~~~~ make: *** [Makefile:152: dbutil.o] Error 1

I have AIX 7.1 and some packages from AIX Linux Toolbox (including gcc version 8.3.0)

arozehnal avatar Apr 19 '22 22:04 arozehnal

Could you attach config.log ? The configure script should check whether basename() exists. You could see if Dropbear 2022.82 improves things, there were a few minor changes to configure scripts.

mkj avatar Apr 20 '22 13:04 mkj

I did fresh 'git clone....' ./configure --disable-zlib

then created localoptions.h with: #define DROPBEAR_SVR_PASSWORD_AUTH 0

make the end is same error as I mentioned above. config.log

arozehnal avatar Apr 20 '22 18:04 arozehnal

Most of the configure tests are failing with

collect2: fatal error: library libssp_nonshared not found

libssp_nonshared looks like it's a library that comes from gcc - is there something wrong with the toolchain?

mkj avatar Apr 24 '22 15:04 mkj

I'm not a programmer, but tried this... (this time on a different server with AIX7.2)

first I searched for library libssp_nonshared I found this -> https://stackoverflow.com/questions/1348895/how-do-i-get-c-programs-to-link-with-gccs-stack-protector-feature-on-aix it not being a separate library, but part of the compiler

from the listing of gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/opt/freeware/libexec/gcc/powerpc-ibm-aix7.2.0.0/8.3.0/lto-wrapper Target: powerpc-ibm-aix7.2.0.0 Configured with: ../gcc-8.3.0/configure --prefix=/opt/freeware --mandir=/opt/freeware/man --infodir =/opt/freeware/info --with-local-prefix=/opt/freeware --with-as=/usr/bin/as --with-ld=/usr/bin/ld --enable-languages=c,c++,fortran,objc,obj-c++,go --enable-version-specific-runtime-libs --disable-nls --enable-decimal-float=dpd --with-cloog=no --with-ppl=no --disable-libstdcxx-pch --enable-__cxa_atexit --disable-werror --host=powerpc-ibm-aix7.2.0.0 Thread model: aix gcc version 8.3.0 (GCC)

I couldn't tell if it contained libssp support

I tried compile a simple source gcc test.c -fstack-protector-strong and got the familiar error main() { ^~~~ collect2: fatal error: library libssp_nonshared not found compilation terminated.

Then I tried using -fno-stack-protector - it worked but it wasn't enough to suppress fstack-protector-strong.

Finally I tried directly in configure to replace the occurrences of fstack-protector-strong with fno-stack-protector With the new Makefile I already compiled dbutil.c but then it crashed when compiling loginrec.c

gcc -c -fno-stack-protector -fno-stack-check -fno-stack-protector -fno-stack-check -Wno-pointer- sign -fno-strict-overflow -fPIE -fno-stack-protector -D_FORTIFY_SOURCE=2 -I./libtomcrypt/src/heade rs/ -DLOCALOPTIONS_H_EXISTS -I. -I. -DDROPBEAR_SERVER -DDROPBEAR_CLIENT termcodes.c -o termcodes.o gcc -c -fno-stack-protector -fno-stack-check -fno-stack-protector -fno-stack-check -Wno-pointer- sign -fno-strict-overflow -fPIE -fno-stack-protector -D_FORTIFY_SOURCE=2 -I./libtomcrypt/src/heade rs/ -DLOCALOPTIONS_H_EXISTS -I. -I. -DDROPBEAR_SERVER -DDROPBEAR_CLIENT loginrec.c -o loginrec.o loginrec.c:1267:48: warning: 'struct lastlog' declared inside parameter list will not be visible ou tside of this definition or declaration lastlog_construct(struct logininfo *li, struct lastlog *last) ^~~~~~~ loginrec.c: In function 'lastlog_construct': loginrec.c:1270:28: error: dereferencing pointer to incomplete type 'struct lastlog' memset(last, '\0', sizeof(*last)); ^~~~~ loginrec.c: In function 'lastlog_openseek': loginrec.c:1329:44: error: invalid application of 'sizeof' to incomplete type 'struct lastlog' offset = (off_t) ((long)li->uid * sizeof(struct lastlog)); ^~~~~~ loginrec.c: In function 'lastlog_perform_login': loginrec.c:1345:17: error: storage size of 'last' isn't known struct lastlog last; ^~~~ make: *** [Makefile:154: loginrec.o] Error 1

===================================== I don't understand that anymore.
Could it have been my intervention in configure?

I know this isn't the right procedure from a security standpoint, but I wanted to make sure that I compile dropbear.

arozehnal avatar Apr 24 '22 19:04 arozehnal

yet log config.zip

arozehnal avatar Apr 24 '22 19:04 arozehnal

I think the problem is that Dropbear doesn't add the LDFLAGS when testing which hardening options should be added. I've changed the test in https://github.com/mkj/dropbear/commit/72d8cae7a4c295cabca2dd0fbe14f134762dc90a , can you see if it now avoids adding -fstack-protector? Alternatively ./configure --disable-harden will avoid any of those options.

For the newer error ./configure --disable-lastlog might be an option (though would prevent last output). I'm not sure about AIX header files.

mkj avatar Apr 26 '22 14:04 mkj