Bug#194637: marked as done (Buffer overflow (1 byte) in sysdeps/unix/sysv/linux/ttyname_r.c)
Your message dated Wed, 03 Sep 2003 14:33:10 -0400
with message-id <E19ucRK-0003gJ-00@auric.debian.org>
and subject line Bug#194637: fixed in glibc 2.3.2-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 25 May 2003 12:23:17 +0000
Date: Sun, 25 May 2003 14:23:12 +0200 (CEST)
From: Hunor Csordas <hunor@cs.elte.hu>
To: submit@bugs.debian.org
Subject: Buffer overflow (1 byte) in sysdeps/unix/sysv/linux/ttyname_r.c
Message-ID: <Pine.LNX.4.44.0305251354390.22844-100000@neumann.cs.elte.hu>
Package: libc6
Version: 2.3.1
Severity: minor
Tags: patch
In all releases currently present on ftp.debian.org (i.e. 5, 16 and 17),
glibc-2.3.1/debian/patches/glibc22-ttyname-devfs.dpatch contains the
following snippet:
+ memcpy (buf, prefix, strlen (prefix));
+ buflen -= strlen (prefix) - 1;
...
- memcpy (buf, "/dev/pts/", sizeof ("/dev/pts/"));
- buflen -= sizeof ("/dev/pts/") - 1;
That is certainly wrong since the value returned by strlen is one less
than the one returned by sizeof. This doesn't matter in the first line
since the code which later appends the file name to the directory uses a
remembered value of the string length, but buflen being 1 more allows
ttyname_r to use 1 byte more than available as buffer space.
Proposed patch:
--- glibc22-ttyname-devfs.dpatch.orig Sun May 25 14:15:33 2003
+++ glibc22-ttyname-devfs.dpatch Sun May 25 14:16:18 2003
@@ -41,8 +41,8 @@
+ size_t devlen = strlen (prefix);
- dirstream = __opendir (buf);
-+ memcpy (buf, prefix, strlen (prefix));
-+ buflen -= strlen (prefix) - 1;
++ memcpy (buf, prefix, devlen);
++ buflen -= devlen;
+
+ dirstream = __opendir (prefix);
if (dirstream == NULL)
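Review bot: The two replaced lines, "memcpy (buf, prefix, devlen);" and "buflen -= devlen;", copy the prefix without its terminating NUL and subtract unconditionally, and nothing in the visible context checks that buflen is at least devlen beforehand. Please confirm that an earlier size check in the function guarantees this (if buflen is an unsigned type the subtraction would otherwise wrap) and that the later append always writes the NUL. A one-line comment beside "buflen -= devlen;" stating that buflen now counts the bytes left after the prefix would help keep the accounting from drifting again.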
That should fix it.
Hunor Csordas
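The accounting error described in the report above, as an added example that is not part of the original message or of glibc: a simplified model of the prefix-plus-name copy, run with a 12-byte claimed buffer inside a 16-byte backing array so the extra byte can be observed safely. The names build_path and overflows, the sizes, and the initial size guard are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { CLAIMED = 12, BACKING = 16, CANARY = 0xAA };

/* Simplified model (not glibc code): copy prefix, then append name + NUL.
   `buggy` selects the accounting from the report: strlen (prefix) - 1. */
static int build_path(char *buf, size_t buflen, const char *prefix,
                      const char *name, int buggy)
{
    size_t devlen = strlen(prefix);
    size_t need = strlen(name) + 1;          /* name plus terminating NUL */

    if (buflen < devlen + 1)                 /* guard assumed for this model */
        return ERANGE;

    memcpy(buf, prefix, devlen);
    buflen -= buggy ? devlen - 1 : devlen;   /* the line the patch corrects */

    if (need > buflen)                       /* does the name still fit? */
        return ERANGE;
    memcpy(buf + devlen, name, need);
    return 0;
}

/* Claims CLAIMED bytes of a larger canary-filled array; returns 1 if the
   byte just past the claimed end was overwritten. *rc gets the result code. */
static int overflows(const char *name, int buggy, int *rc)
{
    unsigned char backing[BACKING];

    memset(backing, CANARY, sizeof backing);
    *rc = build_path((char *)backing, CLAIMED, "/dev/pts/", name, buggy);
    return backing[CLAIMED] != CANARY;
}

int main(void)
{
    int rc;
    /* "/dev/pts/123" needs 13 bytes including the NUL; only 12 are claimed. */
    int over = overflows("123", 1, &rc);
    printf("buggy: rc=%d, wrote past end=%d\n", rc, over);
    over = overflows("123", 0, &rc);
    printf("fixed: rc=%d, wrote past end=%d\n", rc, over);
    return 0;
}
```

With the buggy accounting the call reports success while the NUL lands one byte past the claimed buffer; with the corrected accounting the same input is rejected with ERANGE.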
---------------------------------------
Received: (at 194637-close) by bugs.debian.org; 3 Sep 2003 18:38:54 +0000
From: Philip Blundell <pb@nexus.co.uk>
To: 194637-close@bugs.debian.org
X-Katie: $Revision: 1.35 $
Subject: Bug#194637: fixed in glibc 2.3.2-5
Message-Id: <E19ucRK-0003gJ-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Wed, 03 Sep 2003 14:33:10 -0400
Source: glibc
Source-Version: 2.3.2-5
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:
glibc-doc_2.3.2-5_all.deb
to pool/main/g/glibc/glibc-doc_2.3.2-5_all.deb
glibc_2.3.2-5.diff.gz
to pool/main/g/glibc/glibc_2.3.2-5.diff.gz
glibc_2.3.2-5.dsc
to pool/main/g/glibc/glibc_2.3.2-5.dsc
libc-udeb_2.3.2-5_i386.udeb
to pool/main/g/glibc/libc-udeb_2.3.2-5_i386.udeb
libc6-dbg_2.3.2-5_i386.deb
to pool/main/g/glibc/libc6-dbg_2.3.2-5_i386.deb
libc6-dev_2.3.2-5_i386.deb
to pool/main/g/glibc/libc6-dev_2.3.2-5_i386.deb
libc6-pic_2.3.2-5_i386.deb
to pool/main/g/glibc/libc6-pic_2.3.2-5_i386.deb
libc6-prof_2.3.2-5_i386.deb
to pool/main/g/glibc/libc6-prof_2.3.2-5_i386.deb
libc6_2.3.2-5_i386.deb
to pool/main/g/glibc/libc6_2.3.2-5_i386.deb
locales_2.3.2-5_all.deb
to pool/main/g/glibc/locales_2.3.2-5_all.deb
nscd_2.3.2-5_i386.deb
to pool/main/g/glibc/nscd_2.3.2-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 194637@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Philip Blundell <pb@nexus.co.uk> (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 26 Aug 2003 22:51:03 +0100
Source: glibc
Binary: libc6.1-prof libc1 libc0.3-pic locales glibc-doc libc6-pic libc-udeb libc1-prof libc0.3 libc0.3-dbg libc6.1-dev libc1-pic libc6-s390x libc6-prof libc1-dbg libc6-dev-sparc64 libc6 libc0.3-dev libc6-dbg nscd libc6.1-dbg libc6.1-pic libc6-sparc64 libc6-dev libc0.3-prof libc6.1 libc6-dev-s390x libc1-dev
Architecture: source i386 all
Version: 2.3.2-5
Distribution: unstable
Urgency: low
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Philip Blundell <pb@nexus.co.uk>
Description:
glibc-doc - GNU C Library: Documentation
libc-udeb - GNU C Library: Shared libraries and Timezone data - udeb (udeb)
libc6 - GNU C Library: Shared libraries and Timezone data
libc6-dbg - GNU C Library: Libraries with debugging symbols
libc6-dev - GNU C Library: Development Libraries and Header Files.
libc6-pic - GNU C Library: PIC archive library
libc6-prof - GNU C Library: Profiling Libraries.
locales - GNU C Library: National Language (locale) data [support]
nscd - GNU C Library: Name Service Cache Daemon
Closes: 158354 194289 194637 204711 204958 205118 205679 206663 206784
Changes:
glibc (2.3.2-5) unstable; urgency=low
.
* Phil Blundell <pb@debian.org>
.
- debian/control: change section for -pic, -dbg, -prof packages
from devel to libdevel.
.
- debian/control.in/main: add Build-Depends changes from 2.3.2-3
here as well.
.
- debian/packages.d/*.mk: add md5sums for generated packages,
thanks to Petr Konecny. (Closes: #158354)
.
- debian/patches/80_glibc232-locales-header.dpatch: adjust
filenames so patch applies correctly.
.
- debian/locales/DEBIAN/config: The "Leave alone" option has been
removed, but locale-gen crashes if it was set by a previous run,
so really discard it. Patch by Denis Barbier (Closes: #204958)
.
- debian/patches/lo_LA.UTF-8_not_supported.dpatch: remove this
locale from SUPPORTED file; requested by Denis Barbier.
(Closes: #205118)
.
- debian/patches/nss_compat-shadow: fix problem with shadow
passwords and NIS. Patch from Thorsten Kukuk. (Closes: #204711)
.
* GOTO Masanori <gotom@debian.org>
.
- debian/control.in/libc: Add more missing change section for -pic,
-dbg, -prof packages from devel to libdevel.
- debian/control.in/libc-dbg: likewise.
.
- debian/patches/80_glibc232-locales-header.dpatch: Fix an_ES,
wa_BE, yi_US localedata header. (Closes: #194289)
.
- debian/locales/usr/sbin/locale-gen: Add "unset POSIXLY_CORRECT"
because if user set POSIXLY_CORRECT, this script is interrupted.
(Closes: #206784)
.
- debian/patches/glibc22-ttyname-devfs.dpatch: Fix one byte leak
in getttyname_r. Patched by Hunor Csordas <hunor@cs.elte.hu>.
(Closes: #194637)
.
- debian/sysdeps/freebsd.mk: Modified config-os from freebsd-gnu
to kfreebsd-gnu. Patched by Robert Millan <zeratul2@wanadoo.es>.
(Closes: #206663)
.
- debian/patches/80_glibc232-iconvdata-fix.dpatch: Fix cp932
does not work. (Closes: #205679)
Files:
78bb198d7153f4317ca562e40a8b18ca 1632 libs required glibc_2.3.2-5.dsc
0e956b0415193a299105291a81ebb567 1161297 libs required glibc_2.3.2-5.diff.gz
69216eff3cee037cbed4c855c8c434f7 3706576 base required libc6_2.3.2-5_i386.deb
754e80fdf2eb0e20aa9c909d15e21f5e 1057566 debian-installer required libc-udeb_2.3.2-5_i386.udeb
6d9f30c6c99dc70929cc7bcb1faad8c9 2632434 libdevel standard libc6-dev_2.3.2-5_i386.deb
4abde7a849c2396e9443ae27b99ba936 1027384 libdevel extra libc6-prof_2.3.2-5_i386.deb
f48a2bbe8cc99408a396c86b1e3a71f5 8506638 libdevel extra libc6-dbg_2.3.2-5_i386.deb
29757c90514259b4b14dc4dba0280ba8 976334 libdevel optional libc6-pic_2.3.2-5_i386.deb
115078d9ee7d7530952673180ada8353 76776 admin optional nscd_2.3.2-5_i386.deb
0934e484e2e667eb12146ea46d4e142b 3798930 base standard locales_2.3.2-5_all.deb
4b82a402e8c051cc7149198b1b738535 3088972 doc optional glibc-doc_2.3.2-5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/ViiOVTLPJe9CT30RAqgZAJ9IzZMzq6Tns5vEjieiUcttaBV0IACfXExa
mykDbHXuERXlj0hCgCs3Nw8=
=TbKb
-----END PGP SIGNATURE-----