Your message dated Mon, 7 Sep 2009 23:33:28 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-vsquare-devel] Bug#517597: vde2: slirpvde buffer overflow
has caused the Debian Bug report #517597,
regarding vde2: slirpvde buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
517597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517597
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: vde2: slirpvde buffer overflow                          
Package: vde2                                                    
Version: 2.2.2-3                                                 
Severity: normal                                                 
Tags: patch                                                      

slirpvde buffer overflow; fixed in upstream svn rev 329

A patch of that revision is attached for your convenience.

Without it starting slirpvde (at least on amd64) results in:
$ slirpvde -s /tmp/switch1                                  
 *** buffer overflow detected ***: slirpvde terminated      
 ======= Backtrace: =========                               
 /lib/libc.so.6(__fortify_fail+0x37)[0x7fc64b9af887]        
 /lib/libc.so.6[0x7fc64b9ad750]                             
 /lib/libc.so.6[0x7fc64b9adde7]                             
 slirpvde[0x40b3c4]                                         
 /lib/libc.so.6(__libc_start_main+0xe6)[0x7fc64b8ce466]     
 slirpvde[0x401ca9]                                         
 Abandon

-- System Information:
Debian Release: lenny/sid
  APT prefers intrepid-updates
  APT policy: (500, 'intrepid-updates'), (500, 'intrepid-security'), (500, 'intrepid-backports'), (500, 'intrepid'), (400, 'intrepid-proposed')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-11-generic (SMP w/1 CPU core)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vde2 depends on:
ii  adduser            3.108ubuntu1          add and remove users and groups
ii  libc6              2.8~20080505-0ubuntu9 GNU C Library: Shared libraries
ii  libpcap0.8         0.9.8-5               system interface for user-level pa
ii  libvdemgmt0        2.2.2-3               Virtual Distributed Ethernet - Man
ii  libvdeplug2        2.2.2-3               Virtual Distributed Ethernet - Plu

vde2 recommends no packages.

-- no debconf information
--- vde-2/src/slirpvde/slirpvde.c	2008/06/15 10:33:11	273
+++ vde-2/src/slirpvde/slirpvde.c	2008/09/30 21:43:07	329
@@ -53,7 +53,7 @@
 VDECONN *conn;
 int dhcpmgmt=0;
 static char *pidfile = NULL;
-static char pidfile_path[_POSIX_PATH_MAX];
+static char pidfile_path[PATH_MAX];
 int logok=0;
 char *prog;
 extern FILE *lfd;
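Review bot: the new pidfile_path[PATH_MAX] declaration depends on PATH_MAX being defined, and nothing in this hunk shows <limits.h> being included. Please confirm the include is present, and consider an #ifndef PATH_MAX fallback so the build does not break where the macro is absent. A one-line comment on pidfile_path saying that every writer must bound itself with sizeof(pidfile_path) would document the invariant that the removed _POSIX_PATH_MAX declaration violated.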
@@ -78,9 +78,11 @@
 static void save_pidfile()
 {
 	if(pidfile[0] != '/')
-		strncat(pidfile_path, pidfile, PATH_MAX - strlen(pidfile_path));
-	else
-		strcpy(pidfile_path, pidfile);
+		strncat(pidfile_path, pidfile, sizeof(pidfile_path) - strlen(pidfile_path) -1);
+	else {
+		pidfile_path[0] = 0;
+		strncat(pidfile_path, pidfile, sizeof(pidfile_path)-1);
+	}
 
 	int fd = open(pidfile_path,
 			O_WRONLY | O_CREAT | O_EXCL,
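Review bot: both strncat calls in save_pidfile() truncate silently when pidfile does not fit, so the open() that follows, with O_CREAT | O_EXCL, would create the pid file under a shortened name instead of failing. Compare strlen(pidfile_path) + strlen(pidfile) against sizeof(pidfile_path) first and report an error when it does not fit. The else branch would also read more plainly as a single snprintf(pidfile_path, sizeof(pidfile_path), "%s", pidfile) with its return value checked, rather than zeroing the first byte and calling strncat on an empty string.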
@@ -433,7 +435,7 @@
 		exit(1);
 	}
 	
-	strcat(pidfile_path, "/");
+	strncat(pidfile_path, "/", sizeof(pidfile_path) - strlen(pidfile_path) -1);
 	if (daemonize && daemon(0, 0)) {
 		printlog(LOG_ERR,"daemon: %s",strerror(errno));
 		exit(1);
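Review bot: the bounded strncat of "/" drops the separator without any indication when pidfile_path is already full, so the problem only surfaces later in save_pidfile(). Check strlen(pidfile_path) + 1 < sizeof(pidfile_path) before appending and fail otherwise, the same way the daemon() error just below is handled with printlog(LOG_ERR, ...) and exit(1).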

--- End Message ---
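
The report above comes down to how much room strncat really has in a fixed-size path buffer. As an added example (not part of the original report or of the vde2 source), this is one way to build a pid file path so that an over-long name is rejected rather than overflowing or being silently truncated; build_pidfile_path and strncat_room are hypothetical helper names and the sample paths are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from vde2): write "<dir>/<name>" into dst, or
 * just "<name>" when name is absolute. Returns 0 on success, or -1 with
 * errno = ENAMETOOLONG when the result would not fit in dstsize bytes. */
int build_pidfile_path(char *dst, size_t dstsize,
                       const char *dir, const char *name)
{
    int n;

    if (dst == NULL || dstsize == 0 || dir == NULL || name == NULL) {
        errno = EINVAL;
        return -1;
    }
    if (name[0] == '/')
        n = snprintf(dst, dstsize, "%s", name);
    else
        n = snprintf(dst, dstsize, "%s/%s", dir, name);

    /* snprintf returns the length it wanted to write; >= dstsize means
     * the output was cut short, which we treat as an error. */
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Largest count that is safe to pass to strncat(dst, src, count):
 * strncat writes up to count bytes plus a NUL after the existing text. */
size_t strncat_room(size_t dstsize, const char *dst)
{
    size_t used = strlen(dst);
    return used + 1 >= dstsize ? 0 : dstsize - used - 1;
}

int main(void)
{
    char path[32]; /* constructed, deliberately small buffer */

    if (build_pidfile_path(path, sizeof path, "/var/run", "slirpvde.pid") == 0)
        printf("%s\n", path);
    if (build_pidfile_path(path, sizeof path,
                           "/a/very/long/working/directory", "slirpvde.pid") != 0)
        printf("rejected: path too long\n");
    return 0;
}
```
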
--- Begin Message ---
On Sat, Feb 28, 2009 at 21:02:34 +0100, Andreas Wenning wrote:

> slirpvde buffer overflow; fixed in upstream svn rev 329
> A patch of that revision is attached for your convenience.

Although we forgot to mention it in the changelog, this bug has been
solved since vde2-2.2.3-1.

Thank you for your patch anyway, and excuse us for the delayed release.

Ludovico
-- 
<[email protected]>        #acheronte (irc.freenode.net) ICQ: 64483080
GPG ID: 07F89BB8          Jabber: [email protected] Yahoo: gardenghelle
-- This is signature nr. 5180


--- End Message ---
