Your message dated Sat, 11 Jan 2025 20:42:46 +0000
with message-id <[email protected]>
and subject line Bug#1092552: fixed in atftp 0.8.0-6
has caused the Debian Bug report #1092552,
regarding atftpd: Crashes when sending a TFTP error if LTO is enabled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1092552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092552
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: atftpd
Version: 0.8.0-5
Severity: minor
Tags: patch

Hi,

If you recompile atftp using LTO, it will crash when sending an error
message.

This was originally reported in Ubuntu and is the reason why Ubuntu
patches this package (they enable LTO by default).

https://bugs.launchpad.net/ubuntu/+source/atftp/+bug/1989816

The bug occurs because LTO allows GCC to "see" the size of the "th_msg"
field in the "tftp_send_error" function. This triggers the second case
of gore discussed in this glibc thread (and was not fixed in glibc):

https://sourceware.org/pipermail/libc-alpha/2012-April/028823.html

I've attached a patch to fix it by switching to memcpy. GCC allows
memcpy in more situations than strncpy so it doesn't abort.

Thanks,
James
Description: Fix fortify abort when LTO is enabled
 Usually the Strncpy call in tftp_send_error cannot be inlined, but if
 LTO is enabled GCC will inline it all the way to a strncpy call. This
 call is subject to fortification checks and will always fail because
 `th_msg` has zero size.
 .
 Fix by using memcpy instead. memcpy has weaker fortification rules
 for structure members so it won't abort.
 .
 See: https://sourceware.org/pipermail/libc-alpha/2012-April/028823.html
 And: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52944
Author: James Cowgill <[email protected]>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/atftp/+bug/1989816
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/tftp_io.c
+++ b/tftp_io.c
@@ -168,9 +168,9 @@ int tftp_send_error(int socket, struct s
           return ERR;
      tftphdr->th_opcode = htons(ERROR);
      tftphdr->th_code = htons(err_code);
-     Strncpy(tftphdr->th_msg, tftp_errmsg[err_code], buffer_size - 4);
 
      size = 4 + strlen(tftp_errmsg[err_code]) + 1;
+     memcpy(tftphdr->th_msg, tftp_errmsg[err_code], size - 4);
 
      result = sendto(socket, tftphdr, size, 0, (struct sockaddr *)sa,
                      sizeof(*sa));
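Review bot: in the added memcpy line the copy length `size - 4` comes only from strlen(tftp_errmsg[err_code]) + 1, so the bound that the removed Strncpy took from `buffer_size - 4` is gone, and nothing visible in this hunk stops a write past the caller's buffer when buffer_size is smaller than size. Unless the check ending in `return ERR;` above already guarantees that, add `if (size > buffer_size) return ERR;` between the size computation and the memcpy.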

--- End Message ---
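The difference between the two fortify checks described in the report, as an added example that is not part of the original message or of atftp: a small C model in which the destination sizes are passed explicitly instead of coming from the compiler. struct err_pkt, the function names and the 516- and 10-byte buffers are constructed for the illustration; the real check aborts the process where the model returns -1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a TFTP ERROR header; msg is a zero-length array. */
struct err_pkt {
    uint16_t opcode;
    struct { uint16_t code; char msg[0]; } body;
};
#define MSG_OFF offsetof(struct err_pkt, body.msg)   /* 4 header bytes */

/* Size the strncpy check is given: the member alone (object-size mode 1). */
static size_t member_size(void) { return sizeof(((struct err_pkt *)0)->body.msg); }

/* Size the memcpy check is given: from msg to the end of the buffer (mode 0). */
static size_t whole_size(size_t buffer_size) {
    return buffer_size > MSG_OFF ? buffer_size - MSG_OFF : 0;
}

/* Model of the fortify rule: the real check aborts where this returns 0. */
static int check_passes(size_t n, size_t dst_size) { return n <= dst_size; }

/* Pre-patch shape: length buffer_size - 4, checked against the member size. */
int old_error_copy(char *buf, size_t buffer_size, const char *msg) {
    size_t n = whole_size(buffer_size);
    if (!check_passes(n, member_size())) return -1;   /* abort in a real build */
    strncpy(buf + MSG_OFF, msg, n);
    return (int)(MSG_OFF + strlen(msg) + 1);
}

/* Post-patch shape: length strlen(msg) + 1, checked against the whole object. */
int new_error_copy(char *buf, size_t buffer_size, const char *msg) {
    size_t n = strlen(msg) + 1;
    if (!check_passes(n, whole_size(buffer_size))) return -1;
    memcpy(buf + MSG_OFF, msg, n);
    return (int)(MSG_OFF + n);
}

int main(void) {
    char buf[516], small[10];   /* constructed buffer sizes */
    const char *msg = "File not found";
    printf("old, 516-byte buffer: %d\n", old_error_copy(buf, sizeof buf, msg));
    printf("new, 516-byte buffer: %d\n", new_error_copy(buf, sizeof buf, msg));
    printf("new, 10-byte buffer:  %d\n", new_error_copy(small, sizeof small, msg));
    return 0;
}
```

The third call shows that the whole-object check still rejects a copy that would really overflow, provided the compiler can see the buffer size.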
--- Begin Message ---
Source: atftp
Source-Version: 0.8.0-6
Done: Andreas B. Mundt <[email protected]>

We believe that the bug you reported is fixed in the latest version of
atftp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas B. Mundt <[email protected]> (supplier of updated atftp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Sat, 11 Jan 2025 20:03:30 +0100
Source: atftp
Architecture: source
Version: 0.8.0-6
Distribution: unstable
Urgency: medium
Maintainer: Ludovic Drolez <[email protected]>
Changed-By: Andreas B. Mundt <[email protected]>
Closes: 1091703 1092552
Changes:
 atftp (0.8.0-6) unstable; urgency=medium
 .
   * Update catalan translation (closes: #1091703). Thanks to
     Carles Pina i Estany <[email protected]>.
   * Apply patch to fix fortify abort when LTO is enabled
     (closes: #1092552). Thanks to James Cowgill <[email protected]>.

--- End Message ---
