Bug 785852

Summary: include ruby patch to resolve buffer overflow
Product: Red Hat Enterprise Linux 5 Reporter: Rob Millner <rmillner>
Component: rubyAssignee: Vít Ondruch <vondruch>
Status: CLOSED WORKSFORME QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.7CC: bill-bugzilla.redhat.com, mfisher, psplicha, reiber, wcooley, wnefal+redhatbugzilla
Target Milestone: rcKeywords: EasyFix, Patch
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-13 18:18:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 773704, 834381    
Attachments:
Description Flags
Output from gem install
none
Ruby commit 65e137a none

Description Rob Millner 2012-01-30 19:03:05 UTC 
Created attachment 558423 [details]
Output from gem install

Description of problem:
Installing the OpenShift tools with gem causes ruby to abort on a buffer overflow.  The problem has been resolved by ruby commit 65e137a which can be applied to the version of ruby that ships in RHEL 5.

https://github.com/ruby/ruby/commit/65e137a74c1a6c1dddac44ca6f9d569828fb38d8#ext/syck/rubyext.c

Version-Release number of selected component (if applicable):
RHEL 5.7, ruby-1.8.5-19.el5_6.1

Gem (from EPEL) exposes the problem: rubygems-1.3.1-1.el5


How reproducible:
Always.


Steps to Reproduce:
1. On RHEL 5.7, install ruby, EPEL and rubygems from EPEL.
2. "gem install rhc"
  
Actual results:

[root@ip-10-204-97-214 ~]# gem install rhc
*** buffer overflow detected ***: /usr/bin/ruby terminated
======= Backtrace: =========
/lib/i686/nosegneg/libc.so.6(__chk_fail+0x41)[0x9e4fb1]
/usr/lib/ruby/1.8/i386-linux/syck.so(rb_syck_mktime+0x501)[0x6df8a1]
/usr/lib/ruby/1.8/i386-linux/syck.so(yaml_org_handler+0x838)[0x6e01b8]
/usr/lib/ruby/1.8/i386-linux/syck.so(syck_defaultresolver_node_import+0x3f)[0x6e051f]
/usr/lib/libruby.so.1.8[0xb82d7a]
/usr/lib/libruby.so.1.8[0xb8a45b]
/usr/lib/libruby.so.1.8[0xb8b178]
/usr/lib/libruby.so.1.8[0xb8b732]

etc...

Expected results:

[root@ip-10-72-222-230 ~]# gem install rhc
Successfully installed json_pure-1.6.5
Successfully installed parseconfig-0.5.2
Successfully installed rhc-0.84.15
3 gems installed
Installing ri documentation for parseconfig-0.5.2...
Installing RDoc documentation for parseconfig-0.5.2...


Additional info:

Also, this isn't specific to the 'rhc' rubygem.  There are other examples of
this behavior as well:

https://github.com/brianmario/yajl-ruby/issues/89
https://github.com/ezmobius/redis-rb/issues/131
Comment 1 Rob Millner 2012-01-30 19:06:37 UTC 
Created attachment 558424 [details]
Ruby commit 65e137a

The whole patch.  Cangelog diff doesn't apply cleanly to ruby-1.8.5-19.el5_6.1 but the code itself does.
Comment 2 Vít Ondruch 2012-03-01 14:08:07 UTC 
Thank you for reporting. The patch seems feasible and solves OpenShift issues with installing gems.
Comment 10 RHEL Program Management 2012-06-12 01:06:34 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 11 Rob Millner 2012-06-13 18:18:30 UTC 
Somewhere along the way we were able to work around this issue.  Closing.  Thanks!
Comment 12 Bill McGonigle 2012-07-11 16:39:22 UTC 
Looking at bug 773704 , this was worked around for openshift, but all other ruby gems installs are still broken (at least the half dozen I tried).

ruby-1.8.5-24.el5
rubygems-1.3.1-1.el5


# gem install fpm
*** buffer overflow detected ***: /usr/bin/ruby terminated
======= Backtrace: =========
/lib/i686/nosegneg/libc.so.6(__chk_fail+0x41)[0x547ba1]
/usr/lib/ruby/1.8/i386-linux/syck.so(rb_syck_mktime+0x501)[0xd926a1]
/usr/lib/ruby/1.8/i386-linux/syck.so(yaml_org_handler+0x838)[0xd92fb8]
/usr/lib/ruby/1.8/i386-linux/syck.so(syck_defaultresolver_node_import+0x3f)[0xd9331f]
/usr/lib/libruby.so.1.8[0x1b7e2a]
/usr/lib/libruby.so.1.8[0x1bf55b]
/usr/lib/libruby.so.1.8[0x1c0278]
/usr/lib/libruby.so.1.8[0x1c0832]
/usr/lib/libruby.so.1.8(rb_funcall+0x20)[0x1c09c0]
/usr/lib/ruby/1.8/i386-linux/syck.so(rb_syck_load_handler+0x69)[0xd920c9]
Comment 13 Vít Ondruch 2012-07-12 05:51:54 UTC 
(In reply to comment #12)
> Looking at bug 773704 , this was worked around for openshift, but all other
> ruby gems installs are still broken (at least the half dozen I tried).

Hi Bill,

The fix is scheduled for next Red Hat Enterprise Linux 5 release. Stay tuned.
Comment 14 Bill McGonigle 2012-07-12 17:48:44 UTC 
Thanks, Vít!
Comment 15 Paul Reiber 2013-02-05 23:29:34 UTC 
Greetings Vít,

You wrote:
> The fix is scheduled for next Red Hat Enterprise Linux 5 release. Stay tuned.

The problem still appears to exist in ruby-1.8.5-19.el5_6.1.x86_64

Can you confirm if a fix was applied to that version, or if possibly a fix is still in the works for a future version?

Thank you so much!
-Paul
Comment 16 Vít Ondruch 2013-02-06 08:02:42 UTC 
(In reply to comment #15)
Hello Paul,

You version of Ruby is quite old indeed. The most recent version of Ruby available in Red Hat Enterprise Linux 5 is ruby-1.8.5-27.el5.x86_64.rpm covered by this [1] errata. Please update to this version. Thank you.

[1] http://rhn.redhat.com/errata/RHSA-2013-0129.html