Bug#780505: marked as done (icom: buffer overflow when running 'radio' command)

To: Colin Tuckley <colint@debian.org>
Subject: Bug#780505: marked as done (icom: buffer overflow when running 'radio' command)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 02 May 2015 21:57:22 +0000
Message-id: <[🔎] handler.780505.D780505.14306036293153.ackdone@bugs.debian.org>
References: <E1YofM1-0006UK-I1@franck.debian.org> <20150315051939.27338.84223.reportbug@prism>

Your message dated Sat, 02 May 2015 21:53:45 +0000
with message-id <E1YofM1-0006UK-I1@franck.debian.org>
and subject line Bug#780505: fixed in icom 20120228-2
has caused the Debian Bug report #780505,
regarding icom: buffer overflow when running 'radio' command
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
780505: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780505
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: icom: buffer overflow when running 'radio' command
From: Ryan Barber <rfb@skyscraper.nu>
Date: Sat, 14 Mar 2015 22:19:39 -0700
Message-id: <20150315051939.27338.84223.reportbug@prism>

Package: icom
Version: 20120228-1
Severity: important
Tags: patch

Dear Maintainer,

I get a buffer overflow when I run the 'radio' command in icom.

Here is the backtrace:

#0  0x00007ffff7767107 in __GI_raise (sig=sig@entry=6) at
.../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff77684e8 in __GI_abort () at abort.c:89
#2  0x00007ffff77a5204 in __libc_message (do_abort=do_abort@entry=2,
fmt=fmt@entry=0x7ffff7895a2b "*** %s ***: %s terminated\n") at
.../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff78284c7 in __GI___fortify_fail (msg=msg@entry=0x7ffff78959c2
"buffer overflow detected") at fortify_fail.c:31
#4  0x00007ffff78266e0 in __GI___chk_fail () at chk_fail.c:28
#5  0x00007ffff7825be9 in _IO_str_chk_overflow (fp=<optimized out>,
c=<optimized out>) at vsprintf_chk.c:33
#6  0x00007ffff777fcd7 in ___printf_fp (fp=fp@entry=0x7fffffffda80,
info=info@entry=0x7fffffffd600, args=args@entry=0x7fffffffd5e0) at
printf_fp.c:1228
#7  0x00007ffff777c9bd in _IO_vfprintf_internal (s=s@entry=0x7fffffffda80,
format=<optimized out>, format@entry=0x407cad " %10.0lf",
ap=ap@entry=0x7fffffffdbb8) at vfprintf.c:1641
#8  0x00007ffff7825c78 in ___vsprintf_chk (s=0x7fffffffdc90 "      4111`",
flags=1, slen=11, format=0x407cad " %10.0lf", args=args@entry=0x7fffffffdbb8)
at vsprintf_chk.c:85
#9  0x00007ffff7825bcd in ___sprintf_chk (s=s@entry=0x7fffffffdc90 "
4111`", flags=flags@entry=1, slen=slen@entry=11, format=format@entry=0x407cad "
%10.0lf") at sprintf_chk.c:31
#10 0x0000000000405da2 in sprintf (__fmt=0x407cad " %10.0lf",
__s=0x7fffffffdc90 "      4111`") at /usr/include/x86_64-linux-
gnu/bits/stdio2.h:33
#11 doublefreq (freq=<optimized out>, x=x@entry=0x7fffffffdcd1 "", len=5) at
radio.c:1026
#12 0x0000000000405e9e in loadfreq (rp=rp@entry=0x61d010, freq=<optimized out>)
at radio.c:509
#13 0x0000000000406e5e in select_radio (ident=102, baud=baud@entry=0) at
radio.c:189
#14 0x0000000000402c78 in qqsv (rp=0x0, cmdop=cmdop@entry=0x61ab00 <cmd>) at
icom.c:467
#15 0x0000000000405153 in command (rp=<optimized out>, cmdop=0x61ab00 <cmd>) at
icom.c:379
#16 0x0000000000405700 in main (argc=<optimized out>, argcv=<optimized out>) at
icom.c:343



-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages icom depends on:
ii  libc6  2.19-15

icom recommends no packages.

icom suggests no packages.

-- no debconf information

Index: icom-20120228/radio.c
===================================================================
--- icom-20120228.orig/radio.c
+++ icom-20120228/radio.c
@@ -1023,7 +1023,7 @@ doublefreq(
 	char	s1[11];
 	char	*y;
 
-	sprintf(s1, " %10.0lf", freq);
+	snprintf(s1, sizeof(s1), " %10.0lf", freq);
 	y = s1 + 10;
 	i = 0;
 	while (*y != ' ') {

--- End Message ---

--- Begin Message ---

To: 780505-close@bugs.debian.org
Subject: Bug#780505: fixed in icom 20120228-2
From: Colin Tuckley <colint@debian.org>
Date: Sat, 02 May 2015 21:53:45 +0000
Message-id: <E1YofM1-0006UK-I1@franck.debian.org>

Source: icom
Source-Version: 20120228-2

We believe that the bug you reported is fixed in the latest version of
icom, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780505@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Tuckley <colint@debian.org> (supplier of updated icom package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 02 May 2015 20:49:00 +0100
Source: icom
Binary: icom
Architecture: source amd64
Version: 20120228-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
Changed-By: Colin Tuckley <colint@debian.org>
Description:
 icom       - Software control for ICOM radios with CI-V interface
Closes: 780505
Changes:
 icom (20120228-2) unstable; urgency=medium
 .
   * Fix Buff overflow in radio.c (closes: #780505).
Checksums-Sha1:
 793043e1007d6344979edc2b9d7b6b63a4e778b3 1838 icom_20120228-2.dsc
 fbd072641751552f6e0d1cd0cad3158bc7be48ab 11320 icom_20120228-2.debian.tar.xz
 ceec2f66a0da9894c76dda41dfb85723f7491487 130742 icom_20120228-2_amd64.deb
Checksums-Sha256:
 ae3c64cbfa7f34caf230e5cd8625467e7bc4e424fa9a3d0ec16d08db79e7e604 1838 icom_20120228-2.dsc
 8b3c22890e7fb05d85e4579ce1a9d72459ea75769cbca84fae6c433ddb41bda7 11320 icom_20120228-2.debian.tar.xz
 4457b6901511115fe455cb4038fc5ae500a95ee2b1fb8c3126acaae0fbf542e0 130742 icom_20120228-2_amd64.deb
Files:
 8bfd5f9c1541a7264d07725d5ac6ee62 1838 hamradio extra icom_20120228-2.dsc
 06a39c31518c55757309b7ee624ec5d0 11320 hamradio extra icom_20120228-2.debian.tar.xz
 3f0fa17c89ddb14a150f0a0e1b92a836 130742 hamradio extra icom_20120228-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVRSvmAAoJEPoMQQc4ydkD3S8P/28jzlFiYwGtr/W4KcXsnaFO
XQVCu8Ugo0wqUaPuVAQSMJu9C+5aoB5vxDwYxQmeV/pJUZJGKq+jEMSO65HHHnNU
h4tjn9do5bpsiiPISZhMwMl5tXdPpi8m6WFldukzxCXpbLiMVXhyIGsfC2h1U38U
8CsxJA7tq9UDG3M5UKwIrPMJa3hKOoaC46V2zLacbJ2SSSZVCtXBF6TxPDKCOhq1
mquN9yYwvsR6olJYEIGX8vOwghtiRjE0oGFWJFYMgg+xw8Py3K+ZVBD417NeNHGk
/lKhNBCxIVlrWEtqDIxE3Z1205DuAsX+8aqfRTTXJYrpr9uiD6AuMuDKvb/eMESf
6iTynJJSB+XCztnjEv0HQV+C7y/iFwfCHaBcjoJPjm8BhLC1FJGQiBgI55CRK53t
HZIruzp4ttjQIl4Cdj3TGVEpXjSEC1xwUXuaxmOGLFgI4T4OmntCc/m2Oe2V986q
mrdXnbEWR/Lj61KOCGsxML1nuPaeE2LJH45uMF5hXxF1gGBDZ83wINgULp13Y2nn
wpnzi6khCpE2yhlEalMz8YXSyx/xjxMkTDuQoeO3U8LfZpYLx7/82rcFiINX3PnO
rrbswr9Gmr3aWeDBKGNBDsP8z0B+z3BSUTxpO0SurbbUh9pi4/HKD7YGT0tb61gb
jz3yli9xBO5bbay02f30
=9pUj
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Processing of icom_20120228-2_amd64.changes
Next by Date: icom_20120228-2_amd64.changes ACCEPTED into unstable
Previous by thread: Processing of icom_20120228-2_amd64.changes
Next by thread: icom_20120228-2_amd64.changes ACCEPTED into unstable
Index(es):
- Date
- Thread