Bug 161752 - buffer overflow in genkdmconf
Status: CLOSED DUPLICATE of bug 161751
Product: Fedora
Classification: Fedora
Component: kdebase
Version: 4
Hardware: i686 Linux
Priority: medium
Severity: medium
Assigned To: Ngo Than
QA Contact: Ben Levenson
Keywords: Security
Reported: 2005-06-26 19:54 EDT by Andrea Santilli
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2005-06-27 07:34:16 EDT


Description Andrea Santilli 2005-06-26 19:54:05 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
There is a buffer overflow in genkdmconf.
I've already reported the bug to security@kde.org but the rpm should be fixed.

I discovered it by simply rebuilding the kdebase srpm.
In the %install stage I got this error:

./genkdmconf --in /var/tmp/kdebase-3.4.1-0.fc4.1.kwinshadows-buildroot/usr/share/config/kdm --face-src ./pics
Information: reading old kdmrc /usr/share/config/kdm/kdmrc (from kde >= 2.2.x)
Information: dropping key SessionTypes from section [X-*-Greeter]
Information: old kdmrc is from kde 3.0
*** buffer overflow detected ***: ./genkdmconf terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x635565]
/lib/libc.so.6[0x63502f]
/lib/libc.so.6(__snprintf_chk+0x37)[0x634f23]
./genkdmconf[0x804d846]
/lib/libc.so.6(__libc_start_main+0xc6)[0x56bde6]
./genkdmconf[0x8048fd1]

The bug is in line 2804 of the kdm/kfrontend/genkdmconf.c file:
sprintf( nname, "%s/README", newdir );

Regards

Version-Release number of selected component (if applicable):
3.4.1-0.fc4.1

How reproducible:
Always

Steps to Reproduce:
1. Recompile the kdebase srpm
2. or compile and install kdebase sources
3. get the buffer overflow error
  

Actual Results:  get the *** buffer overflow detected *** error and all the backtrace while the installation calls genkdmconf

Expected Results:  no buffer overflow in genkdmconf

Additional info:
Comment 1 Andrea Santilli 2005-06-27 07:34:16 EDT

*** This bug has been marked as a duplicate of 161751 ***
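
Added example (not from the bug report or from kdebase): one way to build the "<newdir>/README" path from the line quoted in the description so that an over-long directory is rejected instead of overrunning the destination. The function name build_readme_path and the 64-byte NNAME_SIZE are assumptions; the page does not show how nname is declared.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical capacity; the page does not show how nname is declared. */
#define NNAME_SIZE 64

/*
 * Build "<newdir>/README" into dst without writing past dstsize bytes.
 * Returns 0 on success, -1 if the result would not fit. On failure dst
 * is set to an empty string so a truncated path is never used by mistake.
 */
int build_readme_path(char *dst, size_t dstsize, const char *newdir)
{
    int n;

    if (dst == NULL || dstsize == 0 || newdir == NULL)
        return -1;

    /* snprintf returns the length the full result needs, excluding the NUL. */
    n = snprintf(dst, dstsize, "%s/README", newdir);
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char nname[NNAME_SIZE];
    /* Constructed inputs: a short directory and a long build-root style path. */
    const char *short_dir = "/usr/share/config/kdm";
    const char *long_dir =
        "/var/tmp/kdebase-3.4.1-0.fc4.1.kwinshadows-buildroot/usr/share/config/kdm";

    if (build_readme_path(nname, sizeof nname, short_dir) == 0)
        printf("ok: %s\n", nname);
    if (build_readme_path(nname, sizeof nname, long_dir) != 0)
        printf("rejected: path needs %zu bytes, buffer has %zu\n",
               strlen(long_dir) + sizeof "/README", sizeof nname);
    return 0;
}
```

The size passed to snprintf is always sizeof of the real destination array, so the bound cannot drift from the buffer if the declaration changes.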
