Bug 611402

Summary: star still broken for files of 100-character names
Product: Red Hat Enterprise Linux 6
Component: star
Version: 6.0
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: low
Target Milestone: rc
Target Release: ---
Reporter: Lubomir Rintel <lkundrak>
Assignee: Ondrej Vasik <ovasik>
QA Contact: Petr Sklenar <psklenar>
CC: azelinka, ovasik, pkovar, psklenar
Fixed In Version: star-1.5-10.el6
Doc Type: Bug Fix
Doc Text:
Under certain circumstances, the star utility could have terminated unexpectedly with a segmentation fault when used with a file whose name was exactly 100 characters long. This segmentation fault has been fixed in this update and no longer occurs.
Last Closed: 2011-07-13 08:38:19 UTC

Description Lubomir Rintel 2010-07-05 06:30:51 UTC
Consider this reproducer:

F=x/"Is there a single line of documentation without unnecessary insults shipped with Schilly's software?"
# man, that needs to be a mean guy
mkdir -p "$(dirname "$F")"
touch "$F"
rm -f lal.tar
star cf lal.tar "$F"

It appears to have the patch for the issue applied (I can not access the original bug report given it's private):

[liveuser@localhost ~]$ rpm -qi star
Name        : star                         Relocations: (not relocatable)
Version     : 1.5                               Vendor: Red Hat, Inc.
Release     : 9.el6                         Build Date: Thu 04 Feb 2010 12:50:54 PM CET
Install Date: Mon 05 Jul 2010 08:21:53 AM CEST      Build Host: hs20-bc2-5.build.redhat.com
Group       : Applications/Archiving        Source RPM: star-1.5-9.el6.src.rpm
Size        : 901662                           License: CDDL
Signature   : RSA/8, Tue 20 Apr 2010 07:59:46 PM CEST, Key ID 938a80caf21541eb
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://cdrecord.berlios.de/old/private/star.html
Summary     : An archiving tool with ACL support
Description :
Star saves many files together into a single tape or disk archive,
and can restore individual files from the archive. Star supports ACL.
[liveuser@localhost ~]$ rpm -q --changelog star |head
* Wed Feb 03 2010 Ondrej Vasik <ovasik> 1.5-9
- fix buffer overflow for files with names of length
  100 chars(#561503)

* Thu Aug 27 2009 Ondrej Vasik <ovasik> 1.5-8
- provide symlinked manpage for ustar

* Thu Aug 27 2009 Ondrej Vasik <ovasik> 1.5-7
- Merge review (#226434) changes: convert AN-1.5 to utf-8,
  spec file cosmetic/policy changes, ship README.linux in doc
[liveuser@localhost ~]$ 

Still, running it against that package results in an overflow:

[liveuser@localhost ~]$ sh repr.sh 
*** buffer overflow detected ***: star terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0x94c2dd]
/lib/libc.so.6[0x94a30a]
/lib/libc.so.6(__strcpy_chk+0x44)[0x9495e4]
star[0x806e03d]
star[0x805d934]
star[0x805eacf]
star[0x804c171]
star[0x804ec2b]
/lib/libc.so.6(__libc_start_main+0xe6)[0x86acc6]
star[0x804a091]
repr.sh: line 6: 31172 Aborted                 star cf lal.tar "$F"

Consequently, rebuilding the package from source that's at ftp.redhat.com fixes the problem.

I can't really tell what went wrong since I can not have a look at the build logs, but you'll hopefully figure it out.
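
The backtrace above ends in `__strcpy_chk`, which aborts when a copy would write past the destination; a 100-character name plus its terminating NUL needs 101 bytes, while the ustar header's name field is exactly 100 bytes and holds no NUL when full. As an added example (not star's code and not part of the original report; `ustar_names`, `put_field`, `ustar_set_path` and `ustar_name_len` are hypothetical names, and it assumes the destination is the ustar name field), a bounded way to fill and read that field:

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN   100   /* ustar name field: no NUL when completely full */
#define PREFIX_LEN 155   /* ustar prefix field: same rule */
struct ustar_names {     /* hypothetical: only the two path fields */
    char name[NAME_LEN];
    char prefix[PREFIX_LEN];
};

/* Bounded copy into a NUL-padded, not necessarily NUL-terminated field. */
static int put_field(char *field, size_t cap, const char *src, size_t len) {
    if (len > cap)
        return -1;
    memset(field, 0, cap);
    memcpy(field, src, len);  /* strcpy() here would write len + 1 bytes */
    return 0;
}

/* Store path, splitting at a '/' if it exceeds the name field; -1 if it cannot fit. */
int ustar_set_path(struct ustar_names *h, const char *path) {
    size_t len = strlen(path);
    const char *p;
    memset(h, 0, sizeof(*h));
    if (len == 0)
        return -1;
    if (len <= NAME_LEN)
        return put_field(h->name, NAME_LEN, path, len);
    for (p = strchr(path, '/'); p; p = strchr(p + 1, '/')) {
        size_t plen = (size_t)(p - path), nlen = len - plen - 1;
        if (plen == 0 || plen > PREFIX_LEN || nlen == 0 || nlen > NAME_LEN)
            continue;
        put_field(h->prefix, PREFIX_LEN, path, plen);
        return put_field(h->name, NAME_LEN, p + 1, nlen);
    }
    return -1;
}

/* Read the name length without running past an unterminated field. */
size_t ustar_name_len(const struct ustar_names *h) {
    const char *nul = memchr(h->name, 0, NAME_LEN);
    return nul ? (size_t)(nul - h->name) : NAME_LEN;
}

int main(void) {
    struct ustar_names h;
    int rc = ustar_set_path(&h, "dir/file.txt");   /* constructed sample path */
    printf("rc=%d name_len=%zu\n", rc, ustar_name_len(&h));
}
```

With the reproducer's path, the `x` directory goes to the prefix field and the 100-character file name fills the name field completely, which is the case any reader of the header must also treat as unterminated.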

Comment 2 Ondrej Vasik 2010-07-08 17:39:10 UTC
Thanks for the report, it's strange... will check that...

Comment 3 Ondrej Vasik 2010-07-12 12:59:57 UTC
Rebuilding the package on RHEL-6 beta2 i686 doesn't solve the issue for me, the same for rebuilding in the latest RHEL-6 trees in the brew build system. Will check what's wrong - maybe you recompiled that on Fedora and the toolchain was different.

Comment 4 Lubomir Rintel 2010-07-12 13:27:50 UTC
Ondrej, I was rebuilding on a RHEL 6 Beta 2 system.

However, it had a yum-priority plugin installed and Fedora repositories with priority lower than one of the RHEL repositories installed. I'm quite sure nothing from Fedora replaced a RHEL package, however I had extra packages from Fedora installed. I'm not sure how it could cause my build to be correct (maybe I had some macros in .rpmfc that messed up optflags or something), however I'm glad that you could reproduce the issue more easily than me :)

Comment 6 Suzanne Logcher 2011-02-15 21:39:42 UTC
This issue was proposed for RHEL 6.1 FasTrack but did not get resolved in time.
It has been moved to RHEL 6.2 FasTrack.

Comment 11 Ondrej Vasik 2011-06-03 10:30:39 UTC
*** Bug 635559 has been marked as a duplicate of this bug. ***

Comment 14 Petr Kovar 2011-06-28 13:42:03 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Under certain circumstances, the star utility could have terminated unexpectedly with a segmentation fault when used with a file whose name was exactly 100 characters long. This segmentation fault has been fixed in this update and no longer occurs.

Comment 17 errata-xmlrpc 2011-07-13 08:38:19 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0932.html