Bug 1309807

Summary: ripmime buffer overflow
Product: [Fedora] Fedora
Component: ripmime
Version: 22
Status: CLOSED EOL
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Bug Master <redhat>
Assignee: Itamar Reis Peixoto <itamar>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: itamar
Doc Type: Bug Fix
Type: Bug
Last Closed: 2016-07-19 18:44:05 UTC
Attachments: Test input that causes crash (flags: none)

Description Bug Master 2016-02-18 18:27:24 UTC
Description of problem:

ripmime crashes on certain file input.

Version-Release number of selected component (if applicable):

ripmime-1.4.0.9-9.fc22.x86_64

How reproducible:

Every time.

Steps to Reproduce:
1. ripmime -i 0

Actual results:

[david@david david]$ ripmime -i /tmp/0
*** buffer overflow detected ***: ripmime terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x77bdd)[0x7f493b999bdd]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f493ba36897]
/lib64/libc.so.6(+0x112a20)[0x7f493ba34a20]
/lib64/libc.so.6(+0x11219d)[0x7f493ba3419d]
/lib64/libc.so.6(__snprintf_chk+0x78)[0x7f493ba340b8]
ripmime[0x40a174]
ripmime[0x40ae84]
ripmime[0x40b9fb]
ripmime[0x406704]
ripmime[0x406f57]
ripmime[0x405138]
ripmime[0x406d7f]
ripmime[0x406f57]
ripmime[0x405138]
ripmime[0x40623c]
ripmime[0x402321]
ripmime[0x4023a6]
ripmime[0x4017ca]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7f493b942700]
ripmime[0x401895]
Aborted (core dumped)

Expected results:

Extracts all parts without crashing.

Additional info:

Also tested on Fedora 23 with same results.

Downloaded http://www.pldaniels.com/ripmime/ripmime-1.4.0.10.tar.gz, problem does not show up in updated version. Just did a make and a test. No crash.
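
A triage helper for the backtrace in the description above, added here as an example and not part of the original report or of ripmime: it parses glibc's frame lines, names the fortified wrapper whose length check aborted, and builds an addr2line command for the application frames. It assumes the binary is not position-independent (so the bracketed addresses can be passed unchanged) and that matching debuginfo is installed; `triage`, `parse_frames` and the `exe` default are names chosen for this example.

```python
import os
import re

# First 8 of the 20 frames, copied from the backtrace in the report above.
BACKTRACE = """\
/lib64/libc.so.6(+0x77bdd)[0x7f493b999bdd]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f493ba36897]
/lib64/libc.so.6(+0x112a20)[0x7f493ba34a20]
/lib64/libc.so.6(+0x11219d)[0x7f493ba3419d]
/lib64/libc.so.6(__snprintf_chk+0x78)[0x7f493ba340b8]
ripmime[0x40a174]
ripmime[0x40ae84]
ripmime[0x40b9fb]
"""

# glibc frame line: module, optional "(symbol+offset)", then "[address]".
FRAME = re.compile(
    r"^(?P<module>[^(\[\s]+)"
    r"(?:\((?P<sym>[^+)]*)\+(?P<off>0x[0-9a-f]+)\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$"
)

def parse_frames(text):
    """Return one dict per well-formed frame line; banners and noise are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append(m.groupdict())
    return frames

def triage(text, exe="/usr/bin/ripmime"):
    """Identify the *_chk wrapper that aborted and the application frames below it."""
    frames = parse_frames(text)
    name = os.path.basename(exe)
    # The *_chk frame nearest the top is the libc call whose size check failed.
    chk = next((f for f in frames if (f["sym"] or "").endswith("_chk")), None)
    app = [f["addr"] for f in frames if os.path.basename(f["module"]) == name]
    return {
        "fortified_call": chk["sym"] if chk else None,
        "caller": app[0] if app else None,  # return address of the failing call
        "addr2line": ["addr2line", "-f", "-i", "-e", exe] + app,
    }

if __name__ == "__main__":
    result = triage(BACKTRACE)
    print(result["fortified_call"], "called from", result["caller"])
    print(" ".join(result["addr2line"]))
```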

Comment 1 Bug Master 2016-02-18 18:56:28 UTC
Created attachment 1128295: Test input that causes crash

I don't understand why uploading a file is so difficult. I tried uploading, but it always says "You did not specify a file to attach." So I clicked on "paste text as attachment", but it gives you a disabled textarea. I used inspector to remove the disabled. This is kinda ridiculous that a person has to go through such lengths just to file a bug.

Comment 2 Fedora End Of Life 2016-07-19 18:44:05 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.