Bug 1842568

Summary:	nwipe logging can corrupt memory and segfault
Product:	[Fedora] Fedora EPEL	Reporter:	Daphne Shaw <dshaw>
Component:	nwipe	Assignee:	Michal Ambroz <rebus>
Status:	CLOSED ERRATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	epel7	CC:	nick.craig.law, rebus
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	nwipe-0.30-1.fc34 nwipe-0.30-1.fc33 nwipe-0.30-1.el8	Doc Type:	---
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-05-03 02:05:30 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Daphne Shaw 2020-06-01 14:39:58 UTC

Description of problem:

nwipe logs in memory as well as printing the result.  In 0.26, there is a possible case where a log line "slot" that was already allocated for a short log line could be re-used for a longer log line, causing a buffer overflow.

Version-Release number of selected component (if applicable):

nwipe-0.26-1.el7.x86_64

How reproducible:

Reliably, but not 100% of the time.

Steps to Reproduce:
1. Using nwipe 0.26 wipe multiple disks with the GUI enabled.

Actual results:

Segfault or glibc abort if MALLOC_CHECK_ is in use.  It can also be seen using valgrind as an illegal write.

Expected results:

None of that.


Additional info:

This is a known bug, and fixed upstream (see https://github.com/martijnvanbrummelen/nwipe/commit/8bb3f9ff148466d2d93379a3772be66220e7ca01#diff-0377db1f497fac68751312e158d8d4b5 ) so updating to nwipe 0.28 should resolve the problem.

Comment 1 Nick Law 2021-02-20 22:38:42 UTC

Confirmed. I've submitted a pull request to update nwipe to 0.30

Comment 2 Fedora Update System 2021-04-25 20:32:25 UTC

FEDORA-2021-e83994b908 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-e83994b908

Comment 3 Fedora Update System 2021-04-25 20:32:48 UTC

FEDORA-2021-fb86d25ef5 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-fb86d25ef5

Comment 4 Fedora Update System 2021-04-25 20:33:14 UTC

FEDORA-EPEL-2021-990f808143 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-990f808143

Comment 5 Michal Ambroz 2021-04-25 20:35:48 UTC

Thank you ... pushing the bugfix release to all supported branches

Comment 6 Fedora Update System 2021-04-26 00:57:37 UTC

FEDORA-2021-fb86d25ef5 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-fb86d25ef5`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-fb86d25ef5

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2021-04-26 01:46:30 UTC

FEDORA-2021-e83994b908 has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-e83994b908`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-e83994b908

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2021-04-26 01:47:00 UTC

FEDORA-EPEL-2021-990f808143 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-990f808143

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2021-05-03 02:05:30 UTC

FEDORA-2021-fb86d25ef5 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2021-05-04 01:17:15 UTC

FEDORA-2021-e83994b908 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2021-05-11 01:43:36 UTC

FEDORA-EPEL-2021-990f808143 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.