Bug 161752 - buffer overflow in genkdmconf
Summary: buffer overflow in genkdmconf
Keywords:
Status: CLOSED DUPLICATE of bug 161751
Alias: None
Product: Fedora
Classification: Fedora
Component: kdebase
Version: 4
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Than Ngo
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-06-26 23:54 UTC by Andrea Santilli
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-27 11:34:16 UTC
Type: ---
Embargoed:



Description Andrea Santilli 2005-06-26 23:54:05 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
There is a buffer overflow in genkdmconf.
I've already reported the bug to security but the rpm should be fixed.

I discovered it by simply rebuilding the kdebase srpm.
In the %install stage I got this error:

./genkdmconf --in /var/tmp/kdebase-3.4.1-0.fc4.1.kwinshadows-buildroot/usr/share/config/kdm --face-src ./pics
Information: reading old kdmrc /usr/share/config/kdm/kdmrc (from kde >= 2.2.x)
Information: dropping key SessionTypes from section [X-*-Greeter]
Information: old kdmrc is from kde 3.0
*** buffer overflow detected ***: ./genkdmconf terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x635565]
/lib/libc.so.6[0x63502f]
/lib/libc.so.6(__snprintf_chk+0x37)[0x634f23]
./genkdmconf[0x804d846]
/lib/libc.so.6(__libc_start_main+0xc6)[0x56bde6]
./genkdmconf[0x8048fd1]
======= Memory map: ========

The bug is in line 2804 of the kdm/kfrontend/genkdmconf.c file:
sprintf( nname, "%s/README", newdir );

Regards

Version-Release number of selected component (if applicable):
3.4.1-0.fc4.1

How reproducible:
Always

Steps to Reproduce:
1. Recompile the kdebase srpm
2. or compile and install kdebase sources
3. get the buffer overflow error

Actual Results:  get the *** buffer overflow detected *** error and the whole backtrace while the installation calls genkdmconf

Expected Results:  no buffer overflow in genkdmconf

Additional info:

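An added example (not code from kdebase or from the reporter) showing the fixed-buffer pattern the report points at and two bounds-safe replacements. The buffer size, function names and the sample directory strings are assumptions chosen so that the over-long buildroot path from the report no longer fits; the glibc FORTIFY_SOURCE abort in the backtrace is what the unchecked version triggers.

```c
/* Added example, not from kdebase: building "<dir>/README" into a fixed
 * buffer the way the report describes, beside a bounds-checked version. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 64  /* assumed buffer size; small enough to show the overflow */

/* Pattern from the report: sprintf into a fixed buffer with no length check.
 * With -D_FORTIFY_SOURCE glibc turns this into __sprintf_chk and aborts with
 * "*** buffer overflow detected ***"; without it the stack is overwritten. */
void build_readme_unchecked(char *nname, const char *newdir)
{
    sprintf(nname, "%s/README", newdir);
}

/* Hardened: snprintf returns the length it wanted to write, so a result
 * >= len means the path was truncated. Treat that as an error instead of
 * carrying on with a mangled path. Returns 0 on success, -1 if it does not fit. */
int build_readme_checked(char *nname, size_t len, const char *newdir)
{
    int n = snprintf(nname, len, "%s/README", newdir);
    if (n < 0 || (size_t)n >= len) {
        if (len)
            nname[0] = '\0';
        return -1;
    }
    return 0;
}

/* When truncation is never acceptable, size the buffer from the input.
 * Caller frees the result. */
char *build_readme_alloc(const char *newdir)
{
    size_t need = strlen(newdir) + sizeof("/README"); /* sizeof includes the NUL */
    char *p = malloc(need);
    if (!p)
        return NULL;
    snprintf(p, need, "%s/README", newdir);
    return p;
}

int main(void)
{
    char buf[PATH_BUF];
    /* Constructed inputs: the short one fits, the buildroot-style one does not. */
    const char *shortdir = "/usr/share/config/kdm";
    const char *longdir = "/var/tmp/kdebase-3.4.1-0.fc4.1.kwinshadows-buildroot/usr/share/config/kdm";
    printf("short: %d\n", build_readme_checked(buf, sizeof buf, shortdir)); /* 0 */
    printf("long:  %d\n", build_readme_checked(buf, sizeof buf, longdir));  /* -1 */
    char *p = build_readme_alloc(longdir);
    if (p) { puts(p); free(p); }
    return 0;
}
```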
Comment 1 Andrea Santilli 2005-06-27 11:34:16 UTC

*** This bug has been marked as a duplicate of 161751 ***