Bug 1650955

Summary: foremost crashes due to bad fedora patch
Product: [Fedora] Fedora Reporter: Jon Burgess <jburgess777>
Component: foremost Assignee: Filipe Rosset <rosset.filipe>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 29 CC: a.badger, rosset.filipe, stickster
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: foremost-1.5.7-20.fc28 foremost-1.5.7-20.fc29
Last Closed: 2018-12-04 02:22:29 UTC Type: Bug

Description Jon Burgess 2018-11-18 02:14:50 UTC
Description of problem: Running foremost against a hard drive image results in a crash. The problem is caused by a bad patch applied by Fedora for a format string issue.


Version-Release number of selected component (if applicable):

foremost-1.5.7-19.fc29.x86_64

How reproducible:

Every time on one particular disk image

Steps to Reproduce:
1. foremost -v /dev/sda2
2. after a while there is a segfault


Actual results:

Processing: /dev/sda2
|------------------------------------------------------------------
File: /dev/sda2
Start: Sun Nov 18 01:49:58 2018
Length: 3 TB (4000650887168 bytes)
 
Num      Name (bs=512)         Size      File Offset     Comment 

************************************************************************************************************************
Program received signal SIGSEGV, Segmentation fault.


Expected results:

no segfault

Additional info:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7eee6a6 in __vsprintf_chk () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff7eee6a6 in __vsprintf_chk () from /lib64/libc.so.6
#1  0x00007ffff7eee60e in __sprintf_chk () from /lib64/libc.so.6
#2  0x000000000040a075 in sprintf (__fmt=0x7fffffffc290 "\002\240", __s=0x40ccd4 "%s") at /usr/include/bits/stdio2.h:36
#3  extract_exe (s=0x4cf260, c_offset=26958665, 
    foundat=0x7ffff3396e3f "PE(XO\323\304{\033\361I5Α\020\004\341\021:\377X\306\321\332\027\266\230@\307\355a\264愣*\356\021\346\177r\365\373\356Y5|՛ؤOґtvu\314f\027\026\025A\334\341t\017\307\352\227\350־\320\370\222\vp\243\237H\312\001\217\320EC\272\204\327\031jL\312\302\364\r\242Vԩ;\273﮶2\324`E'\002\\\032\336\003\323\360\223V\r\025\237\215\366\232o\006\200;>\250\352\034\004]\024\064ՄS\005\361t", buflen=77898935, needle=0x43ad20 <search_spec+170720>, f_offset=12582912000) at extract.c:2153


The problem is caused by the Fedora foremost-format-security.patch:

-       sprintf(comment, ascii_time);
+       sprintf("%s", comment, ascii_time);
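Review bot: the added line has the destination and the format swapped: "%s" is now the buffer sprintf writes to and comment is the format, so the call writes into a string literal and comment is still interpreted as a format string. Reorder to sprintf(comment, "%s", ascii_time), and if comment is a fixed-size buffer prefer snprintf with that size so a long ascii_time cannot overrun it.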

This is a bogus fix; it is attempting to write into the constant string "%s".

The correct fix would be:

sprintf(comment, "%s", ascii_time);


This same bug seems to have been reported multiple times in the past but all previous bugs have been closed without a fix.
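The corrected call shape from the report, as an added example that is not foremost's or Fedora's code: it goes one step further than the report by bounding the write and reporting truncation. The names `comment_printf` and `set_comment`, the buffer sizes and the sample strings are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of foremost: bounded write, -1 on truncation. */
#ifdef __GNUC__
__attribute__((format(printf, 3, 4)))   /* compiler checks fmt against the args */
#endif
int comment_printf(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dst == NULL || dstlen == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstlen, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;              /* truncated; dst is still NUL-terminated */
    return n;
}

/* Destination first, literal "%s" second, data last: data is never the format. */
int set_comment(char *comment, size_t len, const char *ascii_time)
{
    return comment_printf(comment, len, "%s", ascii_time);
}

/* Constructed input: conversion specifiers in the data are copied verbatim. */
int specifiers_copied_verbatim(void)
{
    const char *data = "Sun Nov 18 %s%n %x";
    char comment[32];
    int n = set_comment(comment, sizeof comment, data);
    return n == (int)strlen(data) && strcmp(comment, data) == 0;
}

/* Constructed input: a value longer than the buffer is rejected, not overrun. */
int long_value_rejected(void)
{
    char comment[8];
    int n = set_comment(comment, sizeof comment, "Sun Nov 18 01:49:58 2018");
    return n == -1 && strlen(comment) == sizeof comment - 1;
}

int main(void)
{
    return !(specifiers_copied_verbatim() && long_value_rejected());
}
```

GCC's `-Wformat-security` only warns when the format is not a string literal and no format arguments follow, so the swapped call in the bad patch does not trigger it. Building with `-Wwrite-strings` makes passing a string literal as the `char *` destination a diagnostic.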

Comment 1 Fedora Update System 2018-11-19 23:10:33 UTC
foremost-1.5.7-20.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-15219ff2fb

Comment 2 Fedora Update System 2018-11-19 23:10:37 UTC
foremost-1.5.7-20.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-957d52e55a

Comment 3 Fedora Update System 2018-11-19 23:10:41 UTC
foremost-1.5.7-20.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-9692390bb5

Comment 4 Fedora Update System 2018-11-21 04:31:32 UTC
foremost-1.5.7-20.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-957d52e55a

Comment 5 Fedora Update System 2018-11-21 05:10:37 UTC
foremost-1.5.7-20.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-9692390bb5

Comment 6 Fedora Update System 2018-11-21 14:30:59 UTC
foremost-1.5.7-20.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-15219ff2fb

Comment 7 Fedora Update System 2018-12-04 02:22:29 UTC
foremost-1.5.7-20.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2018-12-04 03:04:22 UTC
foremost-1.5.7-20.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.