(gdb) run
Starting program: /usr/bin/tftp
tftp> shaz:pxelinux.cfg/default
?Invalid command
tftp> get shaz:pxelinux.cfg/default
*** buffer overflow detected ***: /usr/bin/tftp terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7ffff7b58527]
/lib/libc.so.6(+0xfe3e0)[0x7ffff7b573e0]
/usr/bin/tftp[0x4013c1]
/usr/bin/tftp[0x401fad]
/usr/bin/tftp[0x402d61]
/usr/bin/tftp[0x4027ba]
/usr/bin/tftp[0x4035bf]
/lib/libc.so.6(__libc_start_main+0xfe)[0x7ffff7a77d8e]
/usr/bin/tftp[0x4012a9]
======= Memory map: ========
00400000-00405000 r-xp 00000000 08:01 9063097
/usr/bin/tftp
00604000-00605000 r--p 00004000 08:01 9063097
/usr/bin/tftp
00605000-00606000 rw-p 00005000 08:01 9063097
/usr/bin/tftp
00606000-00628000 rw-p 00000000 00:00 0 [heap]
7ffff7014000-7ffff7029000 r-xp 00000000 08:01 4587594
/lib/libgcc_s.so.1
7ffff7029000-7ffff7228000 ---p 00015000 08:01 4587594
/lib/libgcc_s.so.1
7ffff7228000-7ffff7229000 r--p 00014000 08:01 4587594
/lib/libgcc_s.so.1
7ffff7229000-7ffff722a000 rw-p 00015000 08:01 4587594
/lib/libgcc_s.so.1
7ffff722a000-7ffff7240000 r-xp 00000000 08:01 4587559
/lib/libresolv-2.12.1.so
7ffff7240000-7ffff743f000 ---p 00016000 08:01 4587559
/lib/libresolv-2.12.1.so
7ffff743f000-7ffff7440000 r--p 00015000 08:01 4587559
/lib/libresolv-2.12.1.so
7ffff7440000-7ffff7441000 rw-p 00016000 08:01 4587559
/lib/libresolv-2.12.1.so
7ffff7441000-7ffff7443000 rw-p 00000000 00:00 0
7ffff7443000-7ffff7448000 r-xp 00000000 08:01 4587552
/lib/libnss_dns-2.12.1.so
7ffff7448000-7ffff7647000 ---p 00005000 08:01 4587552
/lib/libnss_dns-2.12.1.so
7ffff7647000-7ffff7648000 r--p 00004000 08:01 4587552
/lib/libnss_dns-2.12.1.so
7ffff7648000-7ffff7649000 rw-p 00005000 08:01 4587552
/lib/libnss_dns-2.12.1.so
7ffff7649000-7ffff764b000 r-xp 00000000 08:01 4591393
/lib/libnss_mdns4_minimal.so.2
7ffff764b000-7ffff784a000 ---p 00002000 08:01 4591393
/lib/libnss_mdns4_minimal.so.2
7ffff784a000-7ffff784b000 r--p 00001000 08:01 4591393
/lib/libnss_mdns4_minimal.so.2
7ffff784b000-7ffff784c000 rw-p 00002000 08:01 4591393
/lib/libnss_mdns4_minimal.so.2
7ffff784c000-7ffff7858000 r-xp 00000000 08:01 4587553
/lib/libnss_files-2.12.1.so
7ffff7858000-7ffff7a57000 ---p 0000c000 08:01 4587553
/lib/libnss_files-2.12.1.so
7ffff7a57000-7ffff7a58000 r--p 0000b000 08:01 4587553
/lib/libnss_files-2.12.1.so
7ffff7a58000-7ffff7a59000 rw-p 0000c000 08:01 4587553
/lib/libnss_files-2.12.1.so
7ffff7a59000-7ffff7bd3000 r-xp 00000000 08:01 4587540
/lib/libc-2.12.1.so
7ffff7bd3000-7ffff7dd2000 ---p 0017a000 08:01 4587540
/lib/libc-2.12.1.so
7ffff7dd2000-7ffff7dd6000 r--p 00179000 08:01 4587540
/lib/libc-2.12.1.so
7ffff7dd6000-7ffff7dd7000 rw-p 0017d000 08:01 4587540
/lib/libc-2.12.1.so
7ffff7dd7000-7ffff7ddc000 rw-p 00000000 00:00 0
7ffff7ddc000-7ffff7dfc000 r-xp 00000000 08:01 4587536
/lib/ld-2.12.1.so
7ffff7fe5000-7ffff7fe8000 rw-p 00000000 00:00 0
7ffff7ff6000-7ffff7ffb000 rw-p 00000000 00:00 0
7ffff7ffb000-7ffff7ffc000 r-xp 00000000 00:00 0 [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00020000 08:01 4587536
/lib/ld-2.12.1.so
7ffff7ffd000-7ffff7ffe000 rw-p 00021000 08:01 4587536
/lib/ld-2.12.1.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
[vsyscall]
Program received signal SIGABRT, Aborted.
0x00007ffff7a8cba5 in raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt full
#0 0x00007ffff7a8cba5 in raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
pid = <value optimized out>
selftid = <value optimized out>
#1 0x00007ffff7a906b0 in abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0x7fffffffd580,
sa_sigaction = 0x7fffffffd580}, sa_mask = {__val = {
140737488344640, 140737488348103, 13, 140737349558994, 3,
140737488344650, 6, 140737349558998, 2, 140737488344638, 2,
140737349550008, 1, 140737349558994, 3, 140737488344644}},
sa_flags = 12, sa_restorer = 0x7ffff7ba22d6}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007ffff7ac643b in __libc_message (do_abort=<value optimized out>,
fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
ap = {{gp_offset = 32, fp_offset = 48,
overflow_arg_area = 0x7fffffffdf40,
reg_save_area = 0x7fffffffde50}}
ap_copy = {{gp_offset = 16, fp_offset = 48,
overflow_arg_area = 0x7fffffffdf40,
reg_save_area = 0x7fffffffde50}}
fd = 7
on_2 = <value optimized out>
list = <value optimized out>
nlist = 0
cp = <value optimized out>
written = false
#3 0x00007ffff7b58527 in __fortify_fail (
msg=0x7ffff7ba2210 "buffer overflow detected") at fortify_fail.c:32
No locals.
#4 0x00007ffff7b573e0 in __chk_fail () at chk_fail.c:29
No locals.
#5 0x00000000004013c1 in strcpy (request=<value optimized out>,
name=<value optimized out>, tp=0x605760, mode=0x6060c0 "netascii")
at /usr/include/bits/string3.h:107
No locals.
#6 makerequest (request=<value optimized out>, name=<value optimized out>,
---Type <return> to continue, or q <return> to quit---
tp=0x605760, mode=0x6060c0 "netascii") at tftp.c:326
cp = 0x605762 "p"
#7 0x0000000000401fad in recvfile (fd=<value optimized out>,
name=0x605bc9 "pxelinux.cfg/default", mode=0x6060c0 "netascii")
at tftp.c:240
ap = 0x605760
dp = 0x6062e4
size = 0
block = 1
n = <value optimized out>
amount = 0
firsttrip = 1
file = 0x6096e0
convert = 1
#8 0x0000000000402d61 in get (argc=2, argv=<value optimized out>)
at main.c:546
fd = 6
n = <value optimized out>
cp = 0x605bd6 "default"
src = 0x605bc9 "pxelinux.cfg/default"
len = <value optimized out>
#9 0x00000000004027ba in command (top=<value optimized out>) at main.c:703
c = <value optimized out>
#10 0x00000000004035bf in main (argc=1, argv=0x7fffffffe198) at main.c:196
top = 1
(gdb)
--
tftp assert failure: *** buffer overflow detected ***: tftp terminated
https://bugs.launchpad.net/bugs/672325
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
