Bug#1060293: gnome-nettool: Aborts with assert failure: *** stack smashing detected ***

2024-05-02 Thread Bernhard Übelacker

Hello,
I am not the maintainer of gnome-nettool, I just tried to debug this issue.

gnome-nettool collects the information from an execution
of a dig command [1] and parses the output.
Unfortunately the parsing is done into some fixed size arrays
and the dig output overflows those.
E.g. the destination buffer is 128 bytes,
but 419 bytes from the line get written to it.

This parsing is done here [2] with the format string from here [3].

The stack canary is overwritten with this backtrace [4].

Kind regards,
Bernhard


[1] dig +nocomments +search +nocmd +nostats +noadditional codethink.co.uk ANY

[2] https://sources.debian.org/src/gnome-nettool/42.0-1/src/lookup.c/#L260

[3] https://sources.debian.org/src/gnome-nettool/42.0-1/src/lookup.h/#L25

[4]
  (rr) bt
  #0  0x7f28a2aa5735 in __vfscanf_internal (s=s@entry=0x7fff90ce11c0, 
format=format@entry=0x5572c3ef6a71 "%s %d %s %s %[^\n]", 
argptr=argptr@entry=0x7fff90ce11a8, mode_flags=mode_flags@entry=2) at 
./stdio-common/vfscanf-internal.c:2896
  #1  0x7f28a2a9791d in __GI___isoc99_sscanf (s=0x5572c5b75e70 
"codethink.co.uk.\t20762\tIN\tRRSIG\tSOA 10 3 86400 20240531041601 20240501031601 19848 
codethink.co.uk. m9sD9b/i+u7lOqOp/I/DSSxR8XoF8nA4bjCkHKdx3w8RdvFUGjOwsH77 
5t2+sFagf7qZ2YLcABs+mDpOe3UFzrGcMbNGRkXGYcW"..., format=format@entry=0x5572c3ef6a71 "%s 
%d %s %s %[^\n]") at ./stdio-common/isoc99_sscanf.c:31
  #2  0x5572c3ef1f1d in strip_line (data=0x7fff90ce1400, line=) at ../src/lookup.c:260
  #3  lookup_foreach_with_tree (netinfo=, line=, 
len=, user_data=) at ../src/lookup.c:189
  #4  0x5572c3eeb7f2 in netinfo_io_text_buffer_dialog (channel=, 
condition=, data=0x5572c59204a0) at ../src/nettool.c:409
  #5  0x7f28a2c7e0d9 in g_main_dispatch 
(context=context@entry=0x5572c552dbd0) at ../../../glib/gmain.c:3476
  #6  0x7f28a2c81317 in g_main_context_dispatch_unlocked 
(context=0x5572c552dbd0) at ../../../glib/gmain.c:4284
  #7  g_main_context_iterate_unlocked (context=0x5572c552dbd0, block=block@entry=1, 
dispatch=dispatch@entry=1, self=) at ../../../glib/gmain.c:4349
  #8  0x7f28a2c81c1f in g_main_loop_run (loop=loop@entry=0x5572c568a510) at 
../../../glib/gmain.c:4551
  #9  0x7f28a33fd65d in gtk_main () at ../../../gtk/gtkmain.c:1329
  #10 0x5572c3ee95ba in main (argc=, argv=) 
at ../src/main.c:231
# 2024-05-01 trixie/testing amd64 qemu VM

apt install systemd-coredump task-gnome-desktop mc tmux htop git gdb valgrind 
rr gnome-nettool gnome-nettool-dbgsym libglib2.0-0t64-dbgsym 
libgtk-3-0t64-dbgsym
apt build-dep gnome-nettool
apt build-dep rr


mkdir /home/benutzer/source/gnome-nettool/orig -p
cd/home/benutzer/source/gnome-nettool/orig
apt source gnome-nettool


mkdir /home/benutzer/source/net-tools/orig -p
cd/home/benutzer/source/net-tools/orig
apt source net-tools





root@debian:~# journalctl -e
Mai 01 17:56:52 debian gnome-nettool.desktop[4366]: *** stack smashing detected 
***: terminated
Mai 01 17:56:52 debian systemd[1]: Created slice 
system-systemd\x2dcoredump.slice - Slice /system/systemd-coredump.
Mai 01 17:56:52 debian systemd[1]: Started systemd-coredump@0-4400-0.service - 
Process Core Dump (PID 4400/UID 0).
Mai 01 17:56:52 debian systemd-coredump[4401]: [] Process 4366 (gnome-nettool) 
of user 1000 dumped core.



root@debian:~# coredumpctl list
TIME  PID  UID  GID SIG COREFILE EXE
SIZE
Wed 2024-05-01 17:56:52 CEST 4366 1000 1000 SIGABRT present  
/usr/bin/gnome-nettool 1.8M



root@debian:~# coredumpctl gdb --debugger-arguments=-q 4366
   PID: 4366 (gnome-nettool)
   UID: 1000 (benutzer)
   GID: 1000 (benutzer)
Signal: 6 (ABRT)
 Timestamp: Wed 2024-05-01 17:56:52 CEST (4min 14s ago)
  Command Line: /usr/bin/gnome-nettool
Executable: /usr/bin/gnome-nettool
 Control Group: 
/user.slice/user-1000.slice/user@1000.service/app.slice/app-gnome-gnome\x2dnettool-4366.scope
  Unit: user@1000.service
 User Unit: app-gnome-gnome\x2dnettool-4366.scope
 Slice: user-1000.slice
 Owner UID: 1000 (benutzer)
   Boot ID: 7408197c36284bc295b6d821669a3071
Machine ID: 16e4d7437c19482b8c85581d3feaba09
  Hostname: debian
   Storage: 
/var/lib/systemd/coredump/core.gnome-nettool.1000.7408197c36284bc295b6d821669a3071.4366.171457901200.zst
 (present)
  Size on Disk: 1.8M
   Message: Process 4366 (gnome-nettool) of user 1000 dumped core.

Module libzstd.so.1 from deb libzstd-1.5.5+dfsg2-2.amd64
Module libsystemd.so.0 from deb systemd-255.4-1.amd64
Stack trace of thread 4366:
#0  0x7fdb1d71a16c n/a (libc.so.6 + 0x8a16c)
#1  0x7fdb1d6cc472 raise (libc.so.6 + 0x3c472)
#2  0x7fdb1d6b64b2 abort (libc.so.6 + 0x264b2)
#3  0x7fdb1d6b71ed n/a (libc.so.6 + 0x271ed)
#4  0x7fdb1d7a8465 __fortify_fail (libc.so.6 + 0x118465)
#5  
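A bounded-width version of the sscanf parse described in the message above, as an added example that is not gnome-nettool's own code: the struct field sizes are an assumption (the report only states that the overrun destination buffer is 128 bytes), and the sample lines are constructed rather than captured dig output.

```c
#include <stdio.h>
#include <string.h>
/* Field sizes are an assumption for this example; the report only states that
 * the overrun destination buffer is 128 bytes. */
#define FIELD_LEN 128
#define FIELD_W   "127"   /* FIELD_LEN - 1, leaves room for the terminating NUL */

typedef struct {
    char hostname[FIELD_LEN];
    int  ttl;
    char rclass[FIELD_LEN];
    char type[FIELD_LEN];
    char data[FIELD_LEN];
} LookupRecord;
/* The format in the backtrace, "%s %d %s %s %[^\n]", puts no width on %s or
 * %[^\n], so a 419-byte field overruns a 128-byte array. Here every string
 * conversion is bounded and %n records how far the parse got, so a silently
 * truncated last field is reported instead of ignored. */
#define SAFE_FORMAT \
    "%" FIELD_W "s %d %" FIELD_W "s %" FIELD_W "s %" FIELD_W "[^\n]%n"
/* 0 = parsed completely, 1 = parsed but data field truncated, -1 = not a record */
int parse_dig_line(const char *line, LookupRecord *rec)
{
    int consumed = -1;
    memset(rec, 0, sizeof *rec);
    if (sscanf(line, SAFE_FORMAT, rec->hostname, &rec->ttl, rec->rclass,
               rec->type, rec->data, &consumed) < 5)
        return -1;
    const char *rest = line + consumed;      /* tail the parse did not consume */
    return (*rest == '\0' || strcmp(rest, "\n") == 0) ? 0 : 1;
}
/* Constructed sample lines, not captured dig output. */
const char SHORT_LINE[] =
    "codethink.co.uk.\t20762\tIN\tSOA\tns1.example. hostmaster.example. 1 2 3 4\n";
const char *long_line(void)   /* last field 419 bytes, the size named in the report */
{
    static char buf[512];
    int off = snprintf(buf, sizeof buf, "codethink.co.uk.\t20762\tIN\tRRSIG\t");
    memset(buf + off, 'A', 419);
    buf[off + 419] = '\n';
    buf[off + 420] = '\0';
    return buf;
}
/* Wrappers so each result can be checked as a plain return value. */
int parse_status(const char *l) { LookupRecord r; return parse_dig_line(l, &r); }
int parsed_ttl(const char *l) { LookupRecord r; parse_dig_line(l, &r); return r.ttl; }
int parsed_data_len(const char *l) { LookupRecord r; parse_dig_line(l, &r); return (int)strlen(r.data); }
```

With the long RRSIG-style line the data field is cut at 127 bytes and the caller is told so, where the unbounded format would instead have written past the array and tripped the stack canary.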

Bug#1060293: gnome-nettool: Aborts with assert failure: *** stack smashing detected ***

2024-01-08 Thread Sudip Mukherjee
Package: gnome-nettool
Version: 42.0-1
Severity: important
X-Debbugs-Cc: sudipm.mukher...@gmail.com

Dear Maintainer,

gnome-nettool crashes with the message "assert failure: *** stack smashing 
detected ***".

Steps to reproduce:
1. Open gnome-nettool
2. Select the lookup tab
3. Enter "codethink.co.uk" in the space for Network address.
4. In the information type dropdown menu select "Any / All Information"
5. Click the "Lookup" button.

Note:
Other options in the "information type dropdown menu" work without any error.
The issue is seen only with "Any / All Information".


-- 
Regards
Sudip