[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#764442: marked as done (apt: String overrun in RSHConn::WriteMsg() (transports rsh: and ssh:))

Your message dated Sun, 8 Mar 2015 12:11:43 +0100
with message-id <20150308111142.GA4355@crossbow>
and subject line Done: apt: String overrun in RSHConn::WriteMsg() (transports rsh: and ssh:)
has caused the Debian Bug report #764442,
regarding apt: String overrun in RSHConn::WriteMsg()   (transports rsh: and ssh:)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
764442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764442
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt
Version: 1.0.9.2
Severity: normal


Dear Maintainer,

In examining the sources in method/rsh.cc I ran across the function
RSHConn::WriteMsg(....)

The first thing it does is make a buffer of 512 bytes, put up to 508
bytes of data in it (the vsnprintf call), and then add at least 14
more bytes of data (the strcat calls).

I originally saw this in:

Version: 0.9.7.9+deb7u5

I have not created a test for this.  I suspect all it takes is a long
path in the configured URI.

The simplest fix is probably to change the "- 4" on the vsnprintf()
to "- 24" or thereabouts.  A more complex fix (probably not needed)
might send the two strings separately.  It also might be wise to
consider if the buffer should be enlarged.

I have not fully examined other sources for similar code, but do see
where this came from in method/ftp.cc.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-0.bpo.1-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.1
ii  gnupg                   1.4.18-4
ii  libapt-pkg4.12          1.0.9.2
ii  libc6                   2.19-11
ii  libgcc1                 1:4.9.1-16
ii  libstdc++6              4.9.1-16

apt recommends no packages.

Versions of packages apt suggests:
ii  apt-doc     1.0.9.2
ii  aptitude    0.6.11-1
ii  dpkg-dev    1.17.16
ii  python-apt  0.9.3.10
ii  synaptic    0.81.2

--- End Message ---
--- Begin Message --- 
Version: 1.0.9.3

Hi,

this bug was actually fixed already, but thanks to a typo in the
changelog went to the wrong bug… (compare 44 to 444).

apt (1.0.9.3) unstable; urgency=medium
[…]
  [ Michael Vogt ]
  * methods/rsh.cc: replace strcat with std::string (Closes: #76442)
[…]
 -- Michael Vogt <mvo@debian.org>  Wed, 15 Oct 2014 19:49:38 +0200


Hence closing accordingly as done.


Best regards

David Kalnischkies

Attachment: signature.asc
Description: Digital signature


--- End Message ---
Reply to: