Description of problem: If you try to open serial device using path longer than 80 characters, rxtx segfaults. Version-Release number of selected component (if applicable): all How reproducible: always Steps to Reproduce: 1. open device using device file path longer than 80 characters Actual results: *** buffer overflow detected ***: java terminated ======= Backtrace: ========= /lib64/libc.so.6[0x330d677d9e] /lib64/libc.so.6(__fortify_fail+0x37)[0x330d711db7] /lib64/libc.so.6[0x330d70ff30] /lib64/libc.so.6[0x330d70f489] /lib64/libc.so.6(_IO_default_xsputn+0x80)[0x330d67b490] /lib64/libc.so.6(_IO_vfprintf+0x15c6)[0x330d649bc6] /lib64/libc.so.6(__vsprintf_chk+0x88)[0x330d70f518] /lib64/libc.so.6(__sprintf_chk+0x7d)[0x330d70f46d] /usr/lib64/rxtx/librxtxSerial-2.2pre1.so(is_device_locked+0x484)[0x7f8c9da3bbe4] /usr/lib64/rxtx/librxtxSerial-2.2pre1.so(check_lock_status+0x49)[0x7f8c9da3bd19] /usr/lib64/rxtx/librxtxSerial-2.2pre1.so(fhs_lock+0x92)[0x7f8c9da3be12] /usr/lib64/rxtx/librxtxSerial-2.2pre1.so(Java_gnu_io_RXTXPort_open+0xab)[0x7f8c9da3c02b] Expected results: Additional info:
Created attachment 1010096 [details] Patch which converts strcpy to strncpy Issue with long path names comes from insecure use of strcpy. In almost all cases strcpy is used for generating internal debug messages, which are not normally presented. Simple conversion to strncpy limits length of reported messages.
Created attachment 1020852 [details] Add rebased version of first patch, update spec file to 0.14 Adding complete patch also for spec file, release 0.14. The patch in comment #1 is rebased to 0.13. Scratch builds: http://koji.fedoraproject.org/koji/taskinfo?taskID=9616716 http://koji.fedoraproject.org/koji/taskinfo?taskID=9616743 http://koji.fedoraproject.org/koji/taskinfo?taskID=9616780 The patched attached in this bug is arguably a security fix. Would appreciate if this version was pushed also to f21/f22, see bug #1212417.
rxtx-2-0.14.20100211 is available in my copr repo at https://copr.fedoraproject.org/coprs/leamas/harctoolbox/
rxtx-2.2-0.14.20100211.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/rxtx-2.2-0.14.20100211.fc22
rxtx-2.2-0.14.20100211.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/rxtx-2.2-0.14.20100211.fc21
Package rxtx-2.2-0.14.20100211.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rxtx-2.2-0.14.20100211.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-7579/rxtx-2.2-0.14.20100211.fc21 then log in and leave karma (feedback).
rxtx-2.2-0.14.20100211.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
rxtx-2.2-0.14.20100211.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.