Your message dated Mon, 7 Sep 2009 23:33:28 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-vsquare-devel] Bug#517597: vde2: slirpvde buffer
overflow
has caused the Debian Bug report #517597,
regarding vde2: slirpvde buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
517597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517597
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: vde2: slirpvde buffer overflow
Package: vde2
Version: 2.2.2-3
Severity: normal
Tags: patch
slirpvde buffer overflow; fixed in upstream svn rev 329
A patch of that revision is attached for your convenience.
Without it starting slirpvde (at least on amd64) results in:
$ slirpvde -s /tmp/switch1
*** buffer overflow detected ***: slirpvde terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fc64b9af887]
/lib/libc.so.6[0x7fc64b9ad750]
/lib/libc.so.6[0x7fc64b9adde7]
slirpvde[0x40b3c4]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7fc64b8ce466]
slirpvde[0x401ca9]
Abandon
-- System Information:
Debian Release: lenny/sid
APT prefers intrepid-updates
APT policy: (500, 'intrepid-updates'), (500, 'intrepid-security'), (500, 'intrepid-backports'), (500, 'intrepid'), (400, 'intrepid-proposed')
Architecture: i386 (i686)
Kernel: Linux 2.6.27-11-generic (SMP w/1 CPU core)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vde2 depends on:
ii adduser 3.108ubuntu1 add and remove users and groups
ii libc6 2.8~20080505-0ubuntu9 GNU C Library: Shared libraries
ii libpcap0.8 0.9.8-5 system interface for user-level pa
ii libvdemgmt0 2.2.2-3 Virtual Distributed Ethernet - Man
ii libvdeplug2 2.2.2-3 Virtual Distributed Ethernet - Plu
vde2 recommends no packages.
-- no debconf information
--- vde-2/src/slirpvde/slirpvde.c 2008/06/15 10:33:11 273
+++ vde-2/src/slirpvde/slirpvde.c 2008/09/30 21:43:07 329
@@ -53,7 +53,7 @@
VDECONN *conn;
int dhcpmgmt=0;
static char *pidfile = NULL;
-static char pidfile_path[_POSIX_PATH_MAX];
+static char pidfile_path[PATH_MAX];
int logok=0;
char *prog;
extern FILE *lfd;
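Review bot: The new declaration `static char pidfile_path[PATH_MAX];` depends on PATH_MAX being defined, and no `#include <limits.h>` is visible in this hunk's context; confirm the include is present, since PATH_MAX is not guaranteed to be defined on every platform. A short comment on the declaration noting that the later strncat calls take their bound from sizeof(pidfile_path) would help keep the array size and the bounds from drifting apart again, which is the mismatch between the removed `_POSIX_PATH_MAX` array and the old `PATH_MAX - strlen(pidfile_path)` bound.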
@@ -78,9 +78,11 @@
static void save_pidfile()
{
if(pidfile[0] != '/')
- strncat(pidfile_path, pidfile, PATH_MAX - strlen(pidfile_path));
- else
- strcpy(pidfile_path, pidfile);
+ strncat(pidfile_path, pidfile, sizeof(pidfile_path) - strlen(pidfile_path) -1);
+ else {
+ pidfile_path[0] = 0;
+ strncat(pidfile_path, pidfile, sizeof(pidfile_path)-1);
+ }
int fd = open(pidfile_path,
O_WRONLY | O_CREAT | O_EXCL,
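Review bot: Missing truncation check in save_pidfile(): both strncat calls now stay inside pidfile_path, but a pidfile argument that does not fit is cut silently, and the open() that follows with O_WRONLY | O_CREAT | O_EXCL then creates a file at the shortened path rather than the one requested. Compare strlen(pidfile) against the remaining space before appending and report an error instead of continuing. In the else branch, the `pidfile_path[0] = 0;` plus strncat pair could be a single snprintf(pidfile_path, sizeof(pidfile_path), "%s", pidfile), whose return value also gives the truncation test.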
@@ -433,7 +435,7 @@
exit(1);
}
- strcat(pidfile_path, "/");
+ strncat(pidfile_path, "/", sizeof(pidfile_path) - strlen(pidfile_path) -1);
if (daemonize && daemon(0, 0)) {
printlog(LOG_ERR,"daemon: %s",strerror(errno));
exit(1);
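Review bot: The bounded `strncat(pidfile_path, "/", ...)` drops the separator silently when pidfile_path is already full, and save_pidfile() then appends a relative pidfile name directly onto whatever is in the buffer. Check that at least two bytes remain before appending (one for the slash, one for the terminator) and, if not, log the problem and take the same exit(1) path as the surrounding error handling.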
--- End Message ---
--- Begin Message ---
On Sat, Feb 28, 2009 at 21:02:34 +0100, Andreas Wenning wrote:
> slirpvde buffer overflow; fixed in upstream svn rev 329
> A patch of that revision is attached for your convenience.
Although we forgot to mention it in the changelog, this bug has been
solved since vde2-2.2.3-1.
Thank you for your patch anyway, and excuse us for the delayed release.
Ludovico
--
<[email protected]> #acheronte (irc.freenode.net) ICQ: 64483080
GPG ID: 07F89BB8 Jabber: [email protected] Yahoo: gardenghelle
-- This is signature nr. 5180
--- End Message ---