Your message dated Sun, 01 Dec 2024 22:19:27 +0000
with message-id <[email protected]>
and subject line Bug#1067030: fixed in gammu 1.42.0-10
has caused the Debian Bug report #1067030,
regarding gammu: FTBFS in Ubuntu due to buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1067030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067030
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gammu
Version: 1.42.0-8.1
Severity: important
Tags: patch
User: [email protected]
Usertags: origin-ubuntu noble ubuntu-patch
Hi Boian,
In Ubuntu gammu fails to build from source with the current default compiler
because it checks more strictly than Debian's for buffer overflows, and it
finds one in the handling of the GSM_Backup.Creator field: this is a buffer
of 80 characters, and the code assumes it can shove the entire output of
`uname` into it with no bounds checking.
Attached is a patch that allows the package to build without test failures
due to buffer overflows.
Thanks for considering,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
[email protected] [email protected]
diff -Nru gammu-1.42.0/debian/patches/series gammu-1.42.0/debian/patches/series
--- gammu-1.42.0/debian/patches/series 2023-01-29 13:07:57.000000000 -0800
+++ gammu-1.42.0/debian/patches/series 2024-03-17 01:18:45.000000000 -0700
@@ -5,3 +5,4 @@
06-disable_smsd-dbi-sqlite3.patch
07-use_posix_shell_only.patch
08-no_warnings_in_docs.patch
+uname-buffer-overflow.patch
diff -Nru gammu-1.42.0/debian/patches/uname-buffer-overflow.patch
gammu-1.42.0/debian/patches/uname-buffer-overflow.patch
--- gammu-1.42.0/debian/patches/uname-buffer-overflow.patch 1969-12-31
16:00:00.000000000 -0800
+++ gammu-1.42.0/debian/patches/uname-buffer-overflow.patch 2024-03-17
01:22:52.000000000 -0700
@@ -0,0 +1,47 @@
+Description: fix buffer overflow in GSM_Backup.Creator
+ GSM_Backup contains an 80-char 'Creator' field which it tries to fill
+ with the contents of 'uname -a'. Recent compilers rightly detect a
+ buffer overflow (on Ubuntu, this output is 120 characters long and it's
+ not the only thing expected to go in this field). Avoid use of the
+ never-safe strcat().
+Author: Steve Langasek <[email protected]>
+Forwarded: no
+Last-Update: 2024-03-17
+
+Index: gammu-1.42.0/gammu/backup.c
+===================================================================
+--- gammu-1.42.0.orig/gammu/backup.c
++++ gammu-1.42.0/gammu/backup.c
+@@ -347,6 +347,7 @@
+ GSM_GPRSAccessPoint GPRSPoint;
+ gboolean DoBackupPart;
+ char buffer[GSM_MAX_INFO_LENGTH];
++ size_t len;
+
+ if (argc == 4 && strcasecmp(argv[3],"-yes") == 0) always_answer_yes =
TRUE;
+
+@@ -354,13 +355,18 @@
+ GSM_GetBackupFormatFeatures(GSM_GuessBackupFormat(argv[2],
FALSE),&Info);
+
+ sprintf(Backup.Creator, "Gammu %s", GAMMU_VERSION);
+- if (strlen(GetOS()) != 0) {
+- strcat(Backup.Creator+strlen(Backup.Creator),", ");
+- strcat(Backup.Creator+strlen(Backup.Creator),GetOS());
++ len = sizeof(Backup.Creator) - strlen(Backup.Creator) - 1;
++ if (strlen(GetOS()) != 0 && len > strlen(GetOS()) + 3) {
++ strncat(Backup.Creator+strlen(Backup.Creator),", ", len);
++ len -= 2;
++ strncat(Backup.Creator+strlen(Backup.Creator),GetOS(), len);
++ len -= strlen(GetOS());
+ }
+- if (strlen(GetCompiler()) != 0) {
+- strcat(Backup.Creator+strlen(Backup.Creator),", ");
+- strcat(Backup.Creator+strlen(Backup.Creator),GetCompiler());
++ if (strlen(GetCompiler()) != 0 && len > strlen(GetCompiler()) + 3) {
++ strncat(Backup.Creator+strlen(Backup.Creator),", ", len);
++ len -= 2;
++ strncat(Backup.Creator+strlen(Backup.Creator),GetCompiler(),
++ len);
+ }
+
+ signal(SIGINT, interrupt);
--- End Message ---
--- Begin Message ---
Source: gammu
Source-Version: 1.42.0-10
Done: Boian Bonev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gammu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Boian Bonev <[email protected]> (supplier of updated gammu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 01 Dec 2024 21:12:22 +0000
Source: gammu
Architecture: source
Version: 1.42.0-10
Distribution: unstable
Urgency: medium
Maintainer: Boian Bonev <[email protected]>
Changed-By: Boian Bonev <[email protected]>
Closes: 1067030 1088835
Changes:
gammu (1.42.0-10) unstable; urgency=medium
.
[ Boian Bonev ]
* Bump up standards to 4.7.0, no changes
* Add Suggests: kalkun to gammu-smsd (Closes: #1088835)
.
[ Steve Langasek ]
* Fix buffer overflow (Closes: #1067030)
Checksums-Sha1:
42a22622fca01c35f856210249e2d1ab08163b12 2555 gammu_1.42.0-10.dsc
b9f5a1f8db4717c2094d166ea813fa3d237b664b 26640 gammu_1.42.0-10.debian.tar.xz
5c681d6b1a299881cfa0c040d71274ed64332a5a 16589 gammu_1.42.0-10_amd64.buildinfo
Checksums-Sha256:
725fca45f5f458ce403a539e27166b80e77cbbe35a03faed88ff485e720fb2cc 2555
gammu_1.42.0-10.dsc
4c371c0e85f560ab03912c099dcc2479854a67a4737e8c785f035f47e315feaa 26640
gammu_1.42.0-10.debian.tar.xz
4a1c34513e1d4a19a8bfb282332aabc7f473dc08dbad2b616285e2e5aa81b8d2 16589
gammu_1.42.0-10_amd64.buildinfo
Files:
cc8cec5fd4fc649bc0a6bee02b0ec73f 2555 comm optional gammu_1.42.0-10.dsc
3c63b0da3752ea185f773053ed494ed8 26640 comm optional
gammu_1.42.0-10.debian.tar.xz
c06e5623e91241b0011b5a97e31d2d12 16589 comm optional
gammu_1.42.0-10_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEumC8IPN+WURNbSUAE2VyCRPS8i0FAmdM178SHGJib25ldkBp
cGFjY3QuY29tAAoJEBNlcgkT0vItUjQP/iHO/6OUQt0sPOVsG5hk271dvfyKK9Jr
XliIZcB3spYPH5wYAuGE14Wx6c3rs4w8eYDMpAEcVfWfMST3kCTEv0G0OeRqAFwE
SLMrGXrMgMlcYTX+X4qIMurcxPDk8hkTjFvmoU+W2bhdjypLwuyC8DTxJEhku5PQ
F1WBgBitKh+xxjAeTFqG7NdsR7Oz00Eotg5TBRvOoJgcusTClSrFSh+qoq5I7Vaa
e8N1sJlzPaa+YBTHkfEP6NigxSuB+QF+f6jwpvqjSR2Smj1VSkyTX14+tPjopAtf
DFFJKgboKZden9M5XFCzDlyvpHRrXyrPNXDvoU+fl0+GdOU0MnKHM1+xM6lrKpkB
ofW2wjwXr2FEzUtzvxO2rvy7rgX6eeDGEn8/CR5/yo4YoCzK8BYv+VNrNlB39UTe
4PbAlbahamzhSnmfia8HLvksS+fV8m3YrJulFlcmyWFC9C05lewt9nETxYT/LiyF
gCdRtuAQjkGMpUQ6npUYjXdk1wwDKpXhzXwcM96fVBj6+Nny8lrwttxAo3j2/x5H
m+iQNqZQ82cbj5imZhfOi+lyrOaP31Q5d80rKZhHCQBtGx1r40y0Ht3Ff09V1oyk
gqZklvhhz+eGL9qVooIY65XeChUuv/N4rNYz6n1Em8usJ5U3m/+DC2I2h+ZP1vwa
niAAwXfmdOYb
=GRgZ
-----END PGP SIGNATURE-----
pgpJgaEPU1S5h.pgp
Description: PGP signature
--- End Message ---
