Your message dated Sun, 8 Mar 2015 12:11:43 +0100 with message-id <20150308111142.GA4355@crossbow> and subject line Done: apt: String overrun in RSHConn::WriteMsg() (transports rsh: and ssh:) has caused the Debian Bug report #764442, regarding apt: String overrun in RSHConn::WriteMsg() (transports rsh: and ssh:) to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
764442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764442
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: String overrun in RSHConn::WriteMsg() (transports rsh: and ssh:)
- From: David Garfield <divad27182@gmx.com>
- Date: Wed, 08 Oct 2014 02:49:40 -0400
- Message-id: <5434DE84.30504@gmx.com>
Package: apt
Version: 1.0.9.2
Severity: normal

Dear Maintainer,

In examining the sources in method/rsh.cc I ran across the function RSHConn::WriteMsg(....)

The first thing it does is make a buffer of 512 bytes, put up to 508 bytes of data in it (the vsnprintf call), and then add at least 14 more bytes of data (the strcat calls).

I originally saw this in: Version: 0.9.7.9+deb7u5

I have not created a test for this. I suspect all it takes is a long path in the configured URI.

The simplest fix is probably to change the "- 4" on the vsnprintf() to "- 24" or thereabouts. A more complex fix (probably not needed) might send the two strings separately. It also might be wise to consider if the buffer should be enlarged.

I have not fully examined other sources for similar code, but do see where this came from in method/ftp.cc.

-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-0.bpo.1-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii debian-archive-keyring 2014.1
ii gnupg 1.4.18-4
ii libapt-pkg4.12 1.0.9.2
ii libc6 2.19-11
ii libgcc1 1:4.9.1-16
ii libstdc++6 4.9.1-16

apt recommends no packages.

Versions of packages apt suggests:
ii apt-doc 1.0.9.2
ii aptitude 0.6.11-1
ii dpkg-dev 1.17.16
ii python-apt 0.9.3.10
ii synaptic 0.81.2
--- End Message ---
--- Begin Message ---
- To: 764442-done@bugs.debian.org
- Subject: Done: apt: String overrun in RSHConn::WriteMsg() (transports rsh: and ssh:)
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Sun, 8 Mar 2015 12:11:43 +0100
- Message-id: <20150308111142.GA4355@crossbow>
Version: 1.0.9.3

Hi,

this bug was actually fixed already, but thanks to a typo in the changelog went to the wrong bug… (compare 44 to 444).

    apt (1.0.9.3) unstable; urgency=medium
    […]
    [ Michael Vogt ]
    * methods/rsh.cc: replace strcat with std::string (Closes: #76442)
    […]
    -- Michael Vogt <mvo@debian.org> Wed, 15 Oct 2014 19:49:38 +0200

Hence closing accordingly as done.

Best regards

David Kalnischkies

Attachment: signature.asc
Description: Digital signature
--- End Message ---
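
The arithmetic from the report and the direction named in the changelog ("replace strcat with std::string"), as an added example that is not APT's code and not part of either message. The suffix text, the function names and the sample path are assumptions made for illustration; only the 512-byte buffer, the "- 4" and "- 24" reserves and the 14 appended bytes come from the report.

```cpp
#include <algorithm>
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <string>

// Constructed stand-in for the appended text; the report only says that the
// strcat calls add "at least 14 more bytes".
static const char kSuffix[] = " 2> /dev/null\n";
static_assert(sizeof(kSuffix) - 1 == 14, "suffix models the 14-byte case");
static const std::size_t kBufSize = 512;  // buffer size given in the report

// Bytes the fixed-buffer pattern needs: vsnprintf capped at (kBufSize - reserve)
// bytes including its NUL, followed by strcat of the suffix.
std::size_t legacy_bytes_needed(std::size_t formatted_len, std::size_t reserve) {
    std::size_t kept = std::min(formatted_len, kBufSize - reserve - 1);
    return kept + (sizeof(kSuffix) - 1) + 1;  // text + suffix + NUL
}

bool legacy_overruns(std::size_t formatted_len, std::size_t reserve) {
    return legacy_bytes_needed(formatted_len, reserve) > kBufSize;
}

// Bounded alternative: measure the formatted length first, then let
// std::string own the storage, so no size arithmetic is left to get wrong.
std::string build_message(const char *fmt, ...) {
    va_list args, probe;
    va_start(args, fmt);
    va_copy(probe, args);
    int need = std::vsnprintf(nullptr, 0, fmt, probe);  // length without NUL
    va_end(probe);
    if (need < 0) {  // formatting error: return nothing rather than garbage
        va_end(args);
        return std::string();
    }
    std::string out(static_cast<std::size_t>(need) + 1, '\0');
    std::vsnprintf(&out[0], out.size(), fmt, args);
    va_end(args);
    out.resize(static_cast<std::size_t>(need));  // drop vsnprintf's NUL
    return out + kSuffix;
}

int main() {
    std::string path(600, 'a');  // constructed long path
    std::printf("reserve 4:  needs %zu of %zu bytes\n", legacy_bytes_needed(path.size(), 4), kBufSize);
    std::printf("reserve 24: needs %zu of %zu bytes\n", legacy_bytes_needed(path.size(), 24), kBufSize);
    std::printf("std::string: %zu bytes, no fixed limit\n", build_message("%s", path.c_str()).size());
    return 0;
}
```

With a reserve of 4, any formatted text of 498 characters or more pushes the 14-byte suffix past the end of the buffer; a reserve of 24 keeps this case inside 512 bytes but truncates the text instead.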