Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1183982 - Memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url
Memory corruption when using oauth because of implicit declaration of rest_pr...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: rest (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Debarshi Ray
Lukas Zachar
:
Depends On:
Blocks: CVE-2015-2675
  Show dependency treegraph
 
Reported: 2015-01-20 06:09 EST by Christophe Fergeau
Modified: 2015-11-19 03:33 EST (History)
3 users (show)

See Also:
Fixed In Version: rest-0.7.92-2.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-19 03:33:31 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Bugzilla 742644 None None None Never
Red Hat Product Errata RHSA-2015:2237 normal SHIPPED_LIVE Low: rest security update 2015-11-19 04:00:16 EST

  None (edit)
Description Christophe Fergeau 2015-01-20 06:09:54 EST 
See https://bugzilla.gnome.org/show_bug.cgi?id=742644 for a detailed description:

« 
Debarshi Ray [reporter] [developer] 2015-01-09 13:37:20 UTC 


The librest build has this warning which is not as harmless as it might appear:
  CC       librest_0.7_la-oauth-proxy-call.lo
oauth-proxy-call.c: In function 'sign_hmac':
oauth-proxy-call.c:130:3: warning: implicit declaration of function
'rest_proxy_call_get_url' [-Wimplicit-function-declaration]
   url_str = rest_proxy_call_get_url (call);
   ^
oauth-proxy-call.c:130:11: warning: assignment makes pointer from integer
without a cast
   url_str = rest_proxy_call_get_url (call);
           ^
The compiler assumes int as the return type, but in reality it returns a
pointer. Using the function without a prototype will lead to memory errors when
the size of an int is not the same as a pointer.

You can trigger a crash by running the EnsureCredentials method from the
org.gnome.OnlineAccounts.Account interface on an object representing a Flickr
account.
»

Fixed by https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329
Comment 1 Christophe Fergeau 2015-01-20 06:11:44 EST 
Moving to POST as a patch is available for this issue.
Comment 3 Florian Weimer 2015-03-04 05:57:03 EST 
CVE request posted: http://www.openwall.com/lists/oss-security/2015/03/04/6
Comment 12 Debarshi Ray 2015-05-07 12:21:34 EDT 
I have built rest-0.7.92-2.el7:
https://brewweb.devel.redhat.com/taskinfo?taskID=9127499
Comment 16 errata-xmlrpc 2015-11-19 03:33:31 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2237.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.