
Bug#701968: several busybox applets may fail or produce garbage



Package: busybox
Version: 1:1.20.0-7
Severity: important
Tags: patch upstream fixed-upstream pending

Several bugs (typos) have been found in busybox in macros that
perform conversion from host words to unaligned buffers, one
in generic code and two more in the compression library (xz).

First bug (generic move_to_unaligned16() implementation) copies
2 more bytes than necessary, thus can overflow the destination,
which may cause either memory corruption or a segmentation fault.

Second bug in xz is wrong usage of move_to_unaligned16 (which
copied 4 instead of 2 bytes by accident) to handle 32bit
quantities - is exposed when the first bug is fixed.

Other usages of move_to_unaligned16() in the whole busybox sources
appear to be okay.

The severity is important because the overflow usually goes
silent but may produce garbage output, which leads to data
corruption in archivals.  Reportedly this happens on sparc.

/mjt
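
The two defects described in the report, modelled as an added C example (this is not busybox source and not from the reporter; the function names and the 0xEE/0xAA fill bytes are constructed for illustration). It shows a 16-bit unaligned store that copies 4 bytes clobbering the 2 bytes after the field, and a 32-bit field written through a correct 16-bit store being left half-written.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the typo: a 16-bit store that copies 4 bytes.
 * tmp is 4 bytes wide so the over-read stays defined; 0xEE stands in for
 * whatever would follow a real uint16_t temporary on the stack. */
static void store16_buggy(void *dst, uint16_t v)
{
    uint8_t tmp[4] = { 0, 0, 0xEE, 0xEE };
    memcpy(tmp, &v, 2);
    memcpy(dst, tmp, 4);            /* should be sizeof(uint16_t) */
}

static void store16_fixed(void *dst, uint16_t v) { memcpy(dst, &v, sizeof v); }
static void store32_fixed(void *dst, uint32_t v) { memcpy(dst, &v, sizeof v); }

/* Bytes overwritten past a 2-byte field at buf[1..2]; 0xAA is the canary. */
int overrun_bytes(int use_fixed)
{
    uint8_t buf[8];
    int n = 0;
    memset(buf, 0xAA, sizeof buf);
    if (use_fixed) store16_fixed(buf + 1, 0x1234);
    else           store16_buggy(buf + 1, 0x1234);
    for (size_t i = 3; i < sizeof buf; i++)
        n += (buf[i] != 0xAA);
    return n;
}

/* 1 if a 32-bit value survives the store, 0 if the field is half-written. */
int roundtrip32(int use_store32)
{
    uint8_t buf[4] = { 0xAA, 0xAA, 0xAA, 0xAA };
    uint32_t in = 0x11223344u, out;
    if (use_store32) store32_fixed(buf, in);
    else             store16_fixed(buf, (uint16_t)in);  /* wrong width */
    memcpy(&out, buf, sizeof out);
    return out == in;
}

int main(void)
{
    printf("overrun: buggy=%d fixed=%d\n", overrun_bytes(0), overrun_bytes(1));
    printf("32-bit via store16=%d via store32=%d\n", roundtrip32(0), roundtrip32(1));
    return 0;
}
```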

