Bug 186680 - eximon buffer overflow
Status: CLOSED DUPLICATE of bug 186303
Product: Fedora
Classification: Fedora
Component: exim
Version: 4
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: David Woodhouse
QA Contact: Fedora Extras Quality Assurance
Reported: 2006-03-25 06:21 EST by Frank Mueller
Modified: 2007-11-30 17:11 EST
Last Closed: 2006-03-25 06:46:33 EST


Description Frank Mueller 2006-03-25 06:21:46 EST
Description of problem:

eximon dies on Fedora 4 with the following message, worked fine in Fedora 3.
Problem still present in recent 4.60-4 update

Exim Monitor version 2.05 (compiled 5-Oct-2005 06:17:32) initializing
.*** buffer overflow detected ***: /usr/sbin/eximon.bin terminated

Reason: in FC4 glibc has been compiled with FORTIFY_SOURCE.
basename is defined too short to hold the \0

Patch that worked for me and has been included upstream (bug #73 on exim.org)

--- exim-4.54/exim_monitor/em_queue.c.orig      2006-01-22 11:00:03.000000000 +0100
+++ exim-4.54/exim_monitor/em_queue.c   2006-01-22 10:58:42.000000000 +0100
@@ -497,7 +497,7 @@
         name[SPOOL_NAME_LENGTH - 2] == '-' &&
         name[SPOOL_NAME_LENGTH - 1] == 'H')
       {
-      uschar basename[SPOOL_NAME_LENGTH];
+      uschar basename[SPOOL_NAME_LENGTH+1];
       stripchart_total[0]++;
       if (!eximon_initialized) { printf("."); fflush(stdout); }
       Ustrcpy(basename, name);

Additional info:
Comment 1 David Woodhouse 2006-03-25 06:46:33 EST
Problem no longer present in even _more_ recent 4.60-5 update.

*** This bug has been marked as a duplicate of 186303 ***
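
The off-by-one described in the report, as an added example that is not part of the bug report or of Exim's code: `checked_copy` models the size check a fortified `strcpy` performs. The value of `SPOOL_NAME_LENGTH`, the length test in `is_header_name`, the buffer name `basename_buf` and the sample file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value for illustration: a 16-character message id plus "-H". */
#define SPOOL_NAME_LENGTH 18

/* Model of the check a fortified strcpy performs: the copy needs
   strlen(src) + 1 bytes, terminating NUL included. Returns 0 on success,
   -1 where the fortified call would abort the process instead. */
static int checked_copy(char *dst, size_t dstsize, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > dstsize)
        return -1;              /* "*** buffer overflow detected ***" */
    memcpy(dst, src, need);
    return 0;
}

/* The two character tests are the ones visible in the hunk's context
   lines; the strlen test is an assumption added for this example. */
static int is_header_name(const char *name)
{
    return strlen(name) == SPOOL_NAME_LENGTH &&
           name[SPOOL_NAME_LENGTH - 2] == '-' &&
           name[SPOOL_NAME_LENGTH - 1] == 'H';
}

/* Pre-patch declaration: room for the characters but not the NUL. */
static int copy_before_patch(const char *name)
{
    char basename_buf[SPOOL_NAME_LENGTH];
    return checked_copy(basename_buf, sizeof basename_buf, name);
}

/* Patched declaration: one extra byte for the NUL. */
static int copy_after_patch(const char *name)
{
    char basename_buf[SPOOL_NAME_LENGTH + 1];
    return checked_copy(basename_buf, sizeof basename_buf, name);
}

int main(void)
{
    const char *name = "1FMtQx-0001Ab-7Z-H";   /* constructed sample name */
    if (!is_header_name(name)) return 1;
    printf("before patch: %d\n", copy_before_patch(name));
    printf("after patch:  %d\n", copy_after_patch(name));
    return 0;
}
```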
