[Bug 941968] Re: lockfile-create hangs inside lxc containers (potential buffer overflow?)

Joseph W. Breu Mon, 23 Sep 2013 11:06:49 -0700

I tested this and the bug still exists where lockfile-create segfaults
with a long hostname.  The problem here is the 23 characters allowed for
the system name is still not sufficient.  gethostname() can return a
hostname up to 256 characters long.


on precise with liblockfile-bin 1.09-3ubuntu0.1 installed:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
root@areallylonghostnamethatshouldbreakeverything:~# lockfile-create 
/var/lock/ntpdate
*** glibc detected *** lockfile-create: free(): invalid next size (fast): 
0x000000000128f0a0 ***
Segmentation fault (core dumped)


from the patch:
~~~~~~~~~~~~
#define TMPLOCKSTR              ".lk"
#define TMPLOCKSTRSZ            strlen(TMPLOCKSTR)
+#define TMPLOCKPIDSZ           5
#define TMPLOCKTIMESZ           1
#define TMPLOCKSYSNAMESZ        23
#define TMPLOCKFILENAMESZ       (TMPLOCKSTRSZ + TMPLOCKPIDSZ + \
                                 TMPLOCKTIMESZ + TMPLOCKSYSNAMESZ)

TMPLOCKSYSNAMESZ needs to be much larger than 23.  This should actually
be the same as the size of sysname which in this case is 256.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/941968

Title:
  lockfile-create hangs inside lxc containers (potential buffer
  overflow?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/liblockfile/+bug/941968/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 941968] Re: lockfile-create hangs inside lxc containers (potential buffer overflow?)

Reply via email to